Open Redirect in forkcms/forkcms

Valid

Reported on

Mar 23rd 2021


✍️ Description

forkcms is vulnerable to an open redirect through invalid characters in the URL path.

🕵️‍♂️ Proof of Concept

With an authenticated user, access: http://localhost/private/en/authentication?querystring=/%01/effectrenan.com

💥 Impact

This vulnerability allows attackers to trick victims into visiting fake URLs.
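
A defensive check for a redirect parameter like the one in the proof of concept, as an added example that is not forkcms code or its actual fix. The function name `safeRedirectTarget` and the fallback path `/private/en` are assumptions; the page does not show how forkcms processes the value.

```php
<?php
declare(strict_types=1);

/**
 * Return $target if it is a same-site absolute path, otherwise $fallback.
 * $target is the parameter value as PHP exposes it in $_GET (decoded once).
 * Hypothetical helper, not part of forkcms.
 */
function safeRedirectTarget(string $target, string $fallback = '/'): string
{
    // Reject control characters outright instead of stripping them:
    // removing \x01 from "/\x01/host" leaves "//host", a scheme-relative URL.
    if (preg_match('/[\x00-\x1F\x7F]/', $target) === 1) {
        return $fallback;
    }
    // Browsers treat "\" like "/" in http(s) URLs, so "/\host" is also unsafe.
    if (strpos($target, '\\') !== false) {
        return $fallback;
    }
    // Require exactly one leading slash: "/x" passes, "//host" and "https://host" do not.
    if (preg_match('#^/(?!/)#', $target) !== 1) {
        return $fallback;
    }
    // Fail closed if the parser still sees a scheme or host, or cannot parse the value.
    $parts = parse_url($target);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return $fallback;
    }
    return $target;
}

// Constructed sample values; the second is the decoded form of the PoC parameter.
$samples = [
    '/private/en/pages',
    "/\x01/effectrenan.com",
    '//effectrenan.com',
    '/\\effectrenan.com',
    'https://effectrenan.com/',
];
foreach ($samples as $sample) {
    // addcslashes makes the control byte visible in the printed output.
    printf(
        "%-28s => %s\n",
        addcslashes($sample, "\0..\37\177"),
        safeRedirectTarget($sample, '/private/en')
    );
}
```

Only the first sample is returned unchanged; the other four fall back to `/private/en`.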
