PT-2014-67: Open Redirect in InstantCMS

Vulnerable software

InstantCMS
Version: 1.x
Link: http://www.instantcms.ru/

Severity level

Severity level: Medium
Impact: Open Redirect
Access Vector: Remote

CVSS v2:
Base Score: 5.8
Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N)

CVE: not assigned

Software description

InstantCMS is a web content management system.

Vulnerability description

The specialists of the Positive Research center have detected an Open Redirect vulnerability in InstantCMS.

Open redirect in the set.php script allows remote attackers to control user redirection. This vulnerability can be exploited to conduct a series of attacks against users of the web application.

How to fix

Update your software to the latest version.

Advisory status

26.12.2013 - Vendor gets vulnerability details
28.12.2013 - Vendor releases fixed version and details
26.12.2014 - Public disclosure

Credits

The vulnerability was detected by using Positive Technologies Application Inspector, the application security testing system.

References

http://en.securitylab.ru/lab/PT-2014-67

Reports on the vulnerabilities previously discovered by Positive Research:
http://www.ptsecurity.com/research/advisory/
http://en.securitylab.ru/lab/
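
The advisory gives no details of how set.php chooses its redirect target, so the following is an added example, not InstantCMS code and not part of the advisory: a general server-side check that accepts a redirect target only when it stays on the application's own host. The function name `safe_redirect_target`, the host `cms.example` and the sample inputs are assumptions made for illustration.

```php
<?php
// Added illustration; not InstantCMS code. Names and inputs are hypothetical.

/**
 * Return $target only if it is a local absolute path or an http(s) URL on
 * $allowedHost; otherwise return $fallback.
 */
function safe_redirect_target(string $target, string $allowedHost, string $fallback = '/'): string
{
    // Control characters (CR, LF, tab, NUL) allow header splitting and parser confusion.
    if ($target === '' || preg_match('/[\x00-\x1F\x7F]/', $target)) {
        return $fallback;
    }
    // Browsers treat "\" like "/", so "/\host" behaves as a scheme-relative URL.
    if (strpos($target, '\\') !== false) {
        return $fallback;
    }
    // Local path: exactly one leading slash ("//host" is scheme-relative).
    if ($target[0] === '/') {
        return (strlen($target) > 1 && $target[1] === '/') ? $fallback : $target;
    }
    // Absolute URL: http(s) only, no userinfo, host must match exactly.
    $parts = parse_url($target);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return $fallback;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return $fallback;
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return $fallback;
    }
    return strcasecmp($parts['host'], $allowedHost) === 0 ? $target : $fallback;
}

// Constructed sample inputs: the first two are accepted, the rest fall back to "/".
$samples = [
    '/profile?id=1',
    'https://cms.example/news',
    '//other.example/',
    '/\\other.example/',
    'https://cms.example.other.example/',
    'https://cms.example@other.example/',
    'javascript:alert(1)',
];
foreach ($samples as $s) {
    printf("%-40s -> %s\n", $s, safe_redirect_target($s, 'cms.example'));
}
```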