Open Redirect in forkcms/forkcms
Mar 23rd 2021
forkcms is vulnerable to Open Redirect through invalid characters in the URL path.
🕵️‍♂️ Proof of Concept
With an authenticated user, access: http://localhost/private/en/authentication?querystring=/%01/effectrenan.com
This vulnerability allows attackers to fool victims into accessing fake URLs.
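A defensive check for a redirect parameter such as `querystring`, shown as an added example (not Fork CMS code and not the project's actual fix). It assumes the control byte is dropped somewhere before the redirect is followed, which would leave `//effectrenan.com`; the report does not spell out the mechanism. The function name `safeRedirectTarget` and the `/private/en` fallback are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not Fork CMS code. $target is the already URL-decoded
// parameter value (as PHP exposes it in $_GET).
function safeRedirectTarget(string $target, string $fallback = '/'): string
{
    // Check the value as received and once more decoded, so a double-encoded
    // payload such as %2501 is judged in the form a later decoder would see.
    foreach ([$target, rawurldecode($target)] as $candidate) {
        // Reject (never strip) control bytes, spaces and backslashes: removing
        // \x01 from "/\x01/host" is what would leave "//host" behind.
        if (preg_match('/[\x00-\x20\x7F\\\\]/', $candidate) === 1) {
            return $fallback;
        }
        // Exactly one leading slash: a local path, not scheme-relative "//host".
        if (preg_match('#^/(?!/)#', $candidate) !== 1) {
            return $fallback;
        }
        // Belt and braces: the parser must see neither a scheme nor a host.
        $parts = parse_url($candidate);
        if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
            return $fallback;
        }
    }
    return $target;
}

// Constructed sample inputs; the second is the decoded value from the PoC URL.
$samples = [
    '/private/en/dashboard',
    "/\x01/effectrenan.com",
    '//effectrenan.com',
    '/%01/effectrenan.com',
    'https://effectrenan.com/',
    '/\\effectrenan.com',
];
foreach ($samples as $sample) {
    // addcslashes makes the control byte visible in the printed output.
    printf("%-28s => %s\n", addcslashes($sample, "\x00..\x1f"), safeRedirectTarget($sample, '/private/en'));
}
```

Only the first sample is returned unchanged; every other input falls back to the local default instead of being sanitised and reused.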