CVE-2014-9343 - Vulnerability Details - OpenCVE

Open redirect vulnerability in modules/system/controller/selectlanguage.class.php in Snowfox CMS 1.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the rd parameter in a submit action to snowfox/.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Globiz Solutions	Snowfox Content Management System

Configuration 1 [-]

cpe:2.3:a:globiz_solutions:snowfox_content_management_system:1.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://osvdb.org/show/osvdb/114850
http://packetstormsecurity.com/files/129162/Snowfox-CMS-1.0-Open-Redirect.html
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5206.php
https://exchange.xforce.ibmcloud.com/vulnerabilities/99128
https://github.com/GlobizSolutions/snowfox/commit/55a8e44a9d9a9a788cc1cde6baf0c2c67e0c736a
https://github.com/GlobizSolutions/snowfox/releases

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2014-12-08T16:00:00

Updated: 2024-08-06T13:40:24.994Z

Reserved: 2014-12-08T00:00:00

Link: CVE-2014-9343

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2014-12-08T16:59:15.870

Modified: 2025-04-12T10:46:40.837

Link: CVE-2014-9343

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-11-19T00:00:00", "descriptions": [{"lang": "en", "value": "Open redirect vulnerability in modules/system/controller/selectlanguage.class.php in Snowfox CMS 1.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the rd parameter in a submit action to snowfox/."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-07T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "mantisbt-cve20146316-open-redirect(99128)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99128"}, {"name": "114850", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/show/osvdb/114850"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/GlobizSolutions/snowfox/releases"}, {"tags": ["x_refsource_MISC"], "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5206.php"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/GlobizSolutions/snowfox/commit/55a8e44a9d9a9a788cc1cde6baf0c2c67e0c736a"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/129162/Snowfox-CMS-1.0-Open-Redirect.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-9343", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Open redirect vulnerability in modules/system/controller/selectlanguage.class.php in Snowfox CMS 1.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the rd parameter in a submit action to snowfox/."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "mantisbt-cve20146316-open-redirect(99128)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99128"}, {"name": "114850", "refsource": "OSVDB", "url": "http://osvdb.org/show/osvdb/114850"}, {"name": "https://github.com/GlobizSolutions/snowfox/releases", "refsource": "MISC", "url": "https://github.com/GlobizSolutions/snowfox/releases"}, {"name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5206.php", "refsource": "MISC", "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5206.php"}, {"name": "https://github.com/GlobizSolutions/snowfox/commit/55a8e44a9d9a9a788cc1cde6baf0c2c67e0c736a", "refsource": "CONFIRM", "url": "https://github.com/GlobizSolutions/snowfox/commit/55a8e44a9d9a9a788cc1cde6baf0c2c67e0c736a"}, {"name": "http://packetstormsecurity.com/files/129162/Snowfox-CMS-1.0-Open-Redirect.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/129162/Snowfox-CMS-1.0-Open-Redirect.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T13:40:24.994Z"}, "title": "CVE Program Container", "references": [{"name": "mantisbt-cve20146316-open-redirect(99128)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99128"}, {"name": "114850", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/show/osvdb/114850"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/GlobizSolutions/snowfox/releases"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5206.php"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/GlobizSolutions/snowfox/commit/55a8e44a9d9a9a788cc1cde6baf0c2c67e0c736a"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/129162/Snowfox-CMS-1.0-Open-Redirect.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-9343", "datePublished": "2014-12-08T16:00:00", "dateReserved": "2014-12-08T00:00:00", "dateUpdated": "2024-08-06T13:40:24.994Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:globiz_solutions:snowfox_content_management_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5010B2A5-BD0F-44C8-AE14-71789155D81C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Open redirect vulnerability in modules/system/controller/selectlanguage.class.php in Snowfox CMS 1.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the rd parameter in a submit action to snowfox/."}, {"lang": "es", "value": "Vulnerabilidad de redirecci\u00f3n abierta en modules/system/controller/selectlanguage.class.php en Snowfox CMS 1.0 permite a atacantes remotos redirigir usuarios a sitios web arbitrarios y realizar ataques de phishing a trav\u00e9s de una URL en el par\u00e1metro rd en una acci\u00f3n submit en snowfox/."}], "evaluatorComment": "<a href=\"http://cwe.mitre.org/data/definitions/601.html\" target=\"_blank\">CWE-601: URL Redirection to Untrusted Site ('Open Redirect')</a>", "id": "CVE-2014-9343", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2014-12-08T16:59:15.870", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/show/osvdb/114850"}, {"source": "cve@mitre.org", "url": "http://packetstormsecurity.com/files/129162/Snowfox-CMS-1.0-Open-Redirect.html"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5206.php"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99128"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://github.com/GlobizSolutions/snowfox/commit/55a8e44a9d9a9a788cc1cde6baf0c2c67e0c736a"}, {"source": "cve@mitre.org", "url": "https://github.com/GlobizSolutions/snowfox/releases"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/show/osvdb/114850"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/129162/Snowfox-CMS-1.0-Open-Redirect.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5206.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99128"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://github.com/GlobizSolutions/snowfox/commit/55a8e44a9d9a9a788cc1cde6baf0c2c67e0c736a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/GlobizSolutions/snowfox/releases"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}