Gnuboard5 Open Redirect Vulnerability in Login Component

Vulnerability

An open redirect vulnerability exists in Gnuboard5 version 5.5.16, allowing remote attackers to obtain sensitive information through the login.php component. The vulnerability arises because the 'url' parameter is not properly sanitized, enabling redirection to arbitrary domains.

Impact

Exploitation of this vulnerability could lead to phishing attacks by redirecting users to malicious sites.

Reproduction

The vulnerability can be reproduced by sending a request to 'login.php' with a 'url' parameter that includes a backslash followed by a desired domain, such as 'google.com' or 'github.com'.

Remediation

Users are advised to update to Gnuboard5 version 5.5.17, which addresses this open redirect vulnerability.
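
The check below is an added example, not Gnuboard5 code and not the 5.5.17 patch. It shows why a "starts with /" test fails for a backslash-prefixed 'url' value (WHATWG URL parsing, as used by browsers and Node.js, treats a backslash as a slash in http(s) URLs) and how comparing the resolved origin closes the gap. SITE_ORIGIN, board.example, other.example and the sample paths are constructed placeholders.

```javascript
// Added example: validating a post-login redirect target.
// SITE_ORIGIN and all sample inputs are constructed placeholders.
const SITE_ORIGIN = "https://board.example";

// Naive check: "begins with a single slash, so it must be a local path".
function naiveIsLocal(target) {
  return typeof target === "string" &&
    target.startsWith("/") && !target.startsWith("//");
}

// Host that a WHATWG-compliant parser (browser, Node.js) resolves the target to.
function resolvedHost(target, siteOrigin = SITE_ORIGIN) {
  return new URL(target, siteOrigin).host;
}

// Hardened check: reject characters that parsers rewrite or strip,
// then resolve the target and require the site's own origin.
function isSafeRedirect(target, siteOrigin = SITE_ORIGIN) {
  if (typeof target !== "string" || target.length === 0) return false;
  // Backslash is read as "/" for http(s); tab/CR/LF are dropped while parsing.
  if (/[\\\u0000-\u001f\u007f]/.test(target)) return false;
  let resolved;
  try {
    resolved = new URL(target, siteOrigin);
  } catch {
    return false; // unparseable input is never a valid redirect target
  }
  // Scheme, host and port must all match; "javascript:" yields origin "null".
  return resolved.origin === new URL(siteOrigin).origin;
}

// Absolute URL to redirect to, falling back to the site root when unsafe.
function safeRedirectTarget(target, siteOrigin = SITE_ORIGIN) {
  return isSafeRedirect(target, siteOrigin)
    ? new URL(target, siteOrigin).href
    : new URL("/", siteOrigin).href;
}
```
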

Added: Jul 7, 2025, 6:39 PM
Updated: Jul 7, 2025, 6:39 PM

Vulnerability Rating

Custom Algorithm

spread: 2.2
impact: 0.6
exploitability: 7.9
remediation: 7.7
relevance: 0.2
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.