| Title | CloudPanel CloudPanel Community Edition 2.5.1 URL Redirection to Untrusted Site ('Open Redirect') |
|---|---|
| Description | CloudPanel Community Edition (CE) before v2.5.2 contains an open redirect vulnerability in the "/admin/users" endpoint due to improper validation of the Referer HTTP header, allowing an attacker to supply a crafted external URL that triggers a 302 redirect to an arbitrary domain, which can be leveraged for phishing attacks by redirecting users from a legitimate CloudPanel page to a malicious website. |
| Source | https://github.com/Stolichnayer/cloudpanel-open-redirect |
| User | alexperrakis (UID 85369) |
| Submission | 28/12/2025 21:41 (4 months ago) |
| Moderation | 29/12/2025 09:10 (11 hours later) |
| Status | Accepted |
| VulDB entry | 338631 [CloudPanel Community Edition up to 2.5.1 HTTP Header /admin/users Referer Redirect] |
| Points | 19 |