Bitrix Site Manager 6.5 redirect.php goto link following

A vulnerability classified as critical was found in Bitrix Site Manager 6.5. Affected by this vulnerability is an unknown code block of the file redirect.php. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Field03/16/2015 05:00 PM11/14/2017 01:48 PM
vendorBitrixBitrix
nameSite ManagerSite Manager
version6.56.5
fileredirect.phpredirect.php
argumentgotogoto
cwe59 (link following)59 (link following)
cvss2_vuldb_basescore4.34.3
cvss2_vuldb_tempscore3.53.5
cvss2_vuldb_avNN
cvss2_vuldb_acMM
cvss2_vuldb_auNN
cvss2_vuldb_ciNN
cvss2_vuldb_iiPP
cvss2_vuldb_aiNN
cvss2_nvd_avNN
cvss2_nvd_acMM
cvss2_nvd_auNN
cvss2_nvd_ciNN
cvss2_nvd_iiPP
cvss2_nvd_aiNN
cvss3_meta_basescore5.35.3
cvss3_meta_tempscore4.74.7
cvss3_vuldb_basescore5.35.3
cvss3_vuldb_tempscore4.74.7
date1209686400 (05/02/2008)1209686400 (05/02/2008)
price_0day$0-$5k$0-$5k
cveCVE-2008-2052CVE-2008-2052
cve_nvd_published12096864001209686400
cve_nvd_summaryOpen redirect vulnerability in redirect.php in Bitrix Site Manager 6.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the goto parameter.Open redirect vulnerability in redirect.php in Bitrix Site Manager 6.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the goto parameter.
xforce4215742157
xforce_titleBitrix Site Manager redirect.php security bypassBitrix Site Manager redirect.php security bypass
xforce_identifierbitrix-redirect-security-bypassbitrix-redirect-security-bypass
risk22
cvss3_vuldb_uiNN
locationWebsiteWebsite
cvss2_vuldb_eUU
cvss2_vuldb_rlUU
cvss2_vuldb_rcURUR
cvss3_vuldb_eUU
cvss3_vuldb_rlUU
cvss3_vuldb_rcRR
cvss3_vuldb_avNN
cvss3_vuldb_acLL
cvss3_vuldb_prNN
cvss3_vuldb_sUU
cvss3_vuldb_cNN
cvss3_vuldb_iLL
cvss3_vuldb_aNN
urlhttp://xforce.iss.net/xforce/xfdb/42157
cve_assigned1209686400 (05/02/2008)

Do you need the next level of professionalism?

Upgrade your account now!