Open Redirect in forkcms/forkcms


Reported on

Mar 23rd 2021

✍️ Description

Fork CMS is vulnerable to an open redirect through invalid characters in the URL path.

🕵️‍♂️ Proof of Concept

As an authenticated user, access: http://localhost/private/en/authentication?querystring=/%01/

💥 Impact

This vulnerability allows attackers to fool victims into accessing fake URLs.
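
One way to validate a redirect parameter such as `querystring` before it is used in a `Location` header, as an added example in PHP. It is not Fork CMS code and not the project's fix, and the report does not describe the root cause; the function name `safeRedirectTarget`, the fallback path and the sample inputs are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (assumption, not part of Fork CMS): return $target only
// if it is a plain same-site path, otherwise return a fixed fallback.
function safeRedirectTarget(string $target, string $default = '/private/en'): string
{
    // PHP has already percent-decoded the query value once. Decode again so a
    // double-encoded byte (%2501 -> %01 -> 0x01) is judged in its final form.
    $decoded = rawurldecode($target);

    foreach ([$target, $decoded] as $candidate) {
        // Control bytes (0x00-0x1F, 0x7F) and backslashes never belong in a
        // redirect path. Reject instead of stripping them: removing the 0x01
        // from "/\x01/" would leave "//", which is no longer a local path.
        if (preg_match('/[\x00-\x1F\x7F\\\\]/', $candidate) === 1) {
            return $default;
        }
        // Accept only an absolute path on this site: exactly one leading
        // slash, so no scheme ("https:...") and no protocol-relative "//host".
        if (strncmp($candidate, '/', 1) !== 0 || strncmp($candidate, '//', 2) === 0) {
            return $default;
        }
    }

    return $target;
}

// Constructed sample inputs, as the application sees them after PHP has
// decoded the query string.
$samples = [
    '/private/en/pages/index',   // ordinary internal path: accepted
    "/\x01/",                    // the value from the proof of concept, decoded
    '/%01/',                     // the same value when double-encoded on the wire
    '//example.invalid/',        // protocol-relative target
    'https://example.invalid/',  // absolute URL
];

foreach ($samples as $s) {
    // addcslashes makes the control byte visible in the printed output.
    printf("%-28s => %s\n", addcslashes($s, "\0..\37"), safeRedirectTarget($s));
}
```

Every rejected value falls back to the fixed default rather than being cleaned up and reused, so the redirect target is never the product of a sanitising step.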
