Pachno Open Redirection Vulnerability in Version 1.0.6

Vulnerability

An open redirection vulnerability has been identified in Pachno version 1.0.6. It allows attackers to redirect users to arbitrary external websites by manipulating the return_to parameter in login URLs. Because return_to values are not properly validated, the redirect can be exploited to conduct phishing attacks and steal user credentials.

Impact

Exploiting this vulnerability results in an open redirect, which enables phishing attacks and credential theft.

Reproduction

To reproduce this vulnerability, send a login request with a manipulated return_to parameter that points to an external website. The return_to value is not properly validated, allowing for redirection to the specified external site.
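One way to validate return_to before redirecting after login, shown as an added example (not Pachno's code or its fix). The host tracker.example, the /login path, the sample URLs and both function names are assumptions made for illustration.

```python
from urllib.parse import parse_qs, urlsplit

TRUSTED_HOST = "tracker.example"  # assumption: the deployment's own host
DEFAULT_TARGET = "/"              # where to land when return_to is rejected


def safe_return_to(value, trusted_host=TRUSTED_HOST, default=DEFAULT_TARGET):
    """Return value only if it keeps the user on this site, else default."""
    if not value:
        return default
    # Browsers treat "\" like "/" and drop tabs/newlines, so refuse such
    # input outright instead of trying to normalise it.
    if "\\" in value or any(ord(c) <= 0x20 or ord(c) == 0x7F for c in value):
        return default
    try:
        parts = urlsplit(value)
    except ValueError:  # malformed authority, e.g. an unclosed "["
        return default
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept only a single-slash absolute path.
        if value.startswith("/") and not value.startswith("//"):
            return value
        return default
    # Absolute URL: http(s) only, and the authority must be exactly our
    # host (no userinfo, no port, no look-alike suffix).
    if parts.scheme in ("http", "https") and parts.netloc.lower() == trusted_host:
        return value
    return default


def redirect_target_for(login_url):
    """Pull return_to out of a login URL and validate it."""
    values = parse_qs(urlsplit(login_url).query).get("return_to", [])
    # A repeated parameter is ambiguous; do not guess which one wins.
    if len(values) != 1:
        return DEFAULT_TARGET
    return safe_return_to(values[0])


if __name__ == "__main__":
    # Constructed sample login URLs (not taken from the advisory).
    for url in (
        "https://tracker.example/login?return_to=%2Fdashboard",
        "https://tracker.example/login?return_to=https%3A%2F%2Fother.example%2F",
        "https://tracker.example/login?return_to=%2F%2Fother.example%2F",
    ):
        print(url, "->", redirect_target_for(url))
```

Rejected values fall back to the default landing page instead of returning an error, so a tampered link still completes the login on the trusted site.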

Added: Apr 13, 2026, 7:39 PM
Updated: Apr 13, 2026, 7:39 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.2
exploitability: 5.6
remediation: 0.0
relevance: 5.8
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.