← back
CVE-2014-8305

CVE-2014-8305

EPSS 4.9%
Open redirect vulnerability in the redir function in includes/function.php in C97net Cart Engine before 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header to (1) index.php, (2) cart.php, (3) msg.php, or (4) page.php.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/34764unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://seclists.org/fulldisclosure/2014/Sep/55http://www.quantumleap.it/cart-engine-3-0-multiple-vulnerabilities-sql-injection-reflected-xss-open-redirect/