First published: Tue Jul 16 2019(Updated: )
Babel: Multilingual site Babel All is affected by: Open Redirection. The impact is: Redirection to any URL, which is supplied to redirect.php in a "newurl" parameter. The component is: redirect.php. The attack vector is: The victim must open a link created by an attacker. Attacker may use any legitimate site using Babel to redirect user to a URL of his/her choosing.
Credit: josh@bress.net
Affected Software | Affected Version | How to fix |
---|---|---|
Cmsmadesimple Bable\ | <=0.4.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-1010290 is a vulnerability identified as Open Redirection in the multilingual site Babel All, which allows an attacker to redirect the victim to any URL.
The impact of CVE-2019-1010290 is the redirection of the victim to any URL specified by the attacker.
The component affected by CVE-2019-1010290 is redirect.php.
The attack vector for CVE-2019-1010290 is the victim opening a link created by the attacker.
To mitigate CVE-2019-1010290, it is recommended to update Babel All to version 0.4.2 or later.