Summaryinfo

A vulnerability was found in Commerce WeDeal Module up to 7.x-1.2 on Drupal. It has been rated as problematic. This vulnerability affects unknown code. The manipulation leads to redirect. This vulnerability is traded as CVE-2015-3393. There is no exploit available. Upgrading the affected component is advised.

Detailsinfo

A vulnerability, which was classified as critical, has been found in Commerce WeDeal Module up to 7.x-1.2 on Drupal. This issue affects an unknown function. The manipulation with an unknown input leads to a redirect vulnerability. Using CWE to declare the problem leads to CWE-601. A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks. Impacted is confidentiality, and integrity. The summary by CVE is:

Open redirect vulnerability in the Commerce WeDeal module before 7.x-1.3 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter.

The weakness was shared 04/21/2015 (Website). The advisory is shared at drupal.org. The identification of this vulnerability is CVE-2015-3393 since 04/21/2015. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. Neither technical details nor an exploit are publicly available. MITRE ATT&CK project uses the attack technique T1204.001 for this issue.

Upgrading to version 7.x-1.3 eliminates this vulnerability.

The vulnerability is also documented in the databases at X-Force (100656) and SecurityFocus (BID 72563†). If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Productinfo

Name

• Commerce WeDeal Module

Version

• 7.x-1.0
• 7.x-1.1
• 7.x-1.2

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion