atjiu pybbs Open Redirect Vulnerability in Language Change Function

Vulnerability

An open redirect vulnerability has been identified in atjiu pybbs versions through 6.0.0. The issue arises in the 'changeLanguage' function within 'src/main/java/co/yiiu/pybbs/controller/front/IndexController.java'. The function takes the redirect target from the request's 'referer' header, so a crafted header value causes the application to redirect the user to an arbitrary external URL. This issue can be exploited remotely and has been publicly disclosed.

Impact

Exploitation of this vulnerability allows open redirection: because the redirect is issued by the trusted pybbs site, it can be used in phishing attacks to send users to malicious sites.

Reproduction

To reproduce this vulnerability, send a GET request to the '/changeLanguage' endpoint with a 'referer' header set to an external URL; the response redirects to that URL. If no 'referer' header is present, the redirect defaults to the home page.

Remediation

Users are advised to update to the latest version of atjiu pybbs, where this vulnerability has been patched.
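A hardened way to derive the post-change redirect target from an untrusted 'referer' value, added here as an illustration; it is not code from pybbs or from its fix. It assumes the application knows the host it serves (the ownHost parameter) and returns a path-only target, falling back to the home page for any absent, malformed or off-site referer:

```java
import java.net.URI;
import java.net.URISyntaxException;

/** Resolves a post-action redirect target from an untrusted Referer value. */
public final class SafeRedirect {
    private static final String HOME = "/";

    /**
     * Returns a redirect target that stays on this site: a path derived from
     * the referer, or the home page when the referer is absent, malformed or
     * points anywhere else. ownHost is the host this deployment serves (an
     * assumption here; a real app would read it from configuration).
     */
    public static String resolve(String referer, String ownHost) {
        if (referer == null || referer.isBlank()) {
            return HOME;                       // no Referer: default to home
        }
        String value = referer.trim();
        // Browsers treat "//evil.example" and "/\evil.example" as absolute;
        // reject them before parsing rather than trusting the leading slash.
        if (value.startsWith("//") || value.startsWith("/\\")) {
            return HOME;
        }
        URI uri;
        try {
            uri = new URI(value);
        } catch (URISyntaxException e) {
            return HOME;                       // unparsable: do not guess
        }
        if (uri.getScheme() != null) {
            // Absolute URL: only http(s) on our own host is acceptable.
            String scheme = uri.getScheme().toLowerCase();
            if (!scheme.equals("http") && !scheme.equals("https")) {
                return HOME;                   // javascript:, data:, ...
            }
            if (uri.getHost() == null || !uri.getHost().equalsIgnoreCase(ownHost)) {
                return HOME;                   // foreign host, or a userinfo trick
            }
        }
        // Emit a path-only target so scheme, userinfo and port from the
        // original value never reach the Location header.
        String path = uri.getRawPath();
        if (path == null || !path.startsWith("/")) {
            return HOME;                       // "evil.example/x" parses as a relative path
        }
        String query = uri.getRawQuery();
        return query == null ? path : path + "?" + query;
    }
}
```

With ownHost set to the forum's hostname, a referer of 'https://evil.example/' or '//evil.example' resolves to '/', while 'https://<ownHost>/topic/1?p=2' resolves to '/topic/1?p=2'.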

Added: Aug 10, 2025, 3:19 PM
Updated: Aug 10, 2025, 3:19 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.8
exploitability: 7.7
remediation: 7.7
relevance: 0.3
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.