CVE-2008-4104

Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a "passed in" URL.

Published Bycve@mitre.org

Published DateSep 18, 2008, 17:59

Affected Versions(1)

joomla/framework(Packagist)

Introduced1.5.0

Fixed1.5.7

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
joomla/framework(Packagist)	1.5.0	1.5.7	N/A

Weakness Type (CWE):CWE-59

CVSS Metrics

Base Score

5.8

Vector String

AV:N/AC:M/Au:N/C:N/I:P/A:P

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

NONE

Integrity (I)

PARTIAL

Availability (A)

PARTIAL

References

http://developer.joomla.org/security/news/274-20080904-core-redirect-spam.html
http://marc.info/?l=oss-security&m=122115344915232&w=2
http://marc.info/?l=oss-security&m=122118210029084&w=2
http://marc.info/?l=oss-security&m=122152798516853&w=2
http://securityreason.com/securityalert/4275
https://exchange.xforce.ibmcloud.com/vulnerabilities/45071

Weakness Type (CWE):CWE-59

CVSS Metrics

Base Score

5.8

Vector String

AV:N/AC:M/Au:N/C:N/I:P/A:P

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

NONE

Integrity (I)

PARTIAL

Availability (A)

PARTIAL