PT-2014-67: Open Redirect in InstantCMS
Severity level: Medium
Impact: Open Redirect
Access Vector: Remote
Base Score: 5.8
CVE: not assigned
InstantCMS is a web content management system.
Specialists at the Positive Research center detected an Open Redirect vulnerability in InstantCMS.
Open redirect in the set.php script allows remote attackers to control user redirection. This vulnerability can be exploited to conduct a series of attacks against users of the web application.
How to fix
Update your software to the latest version.
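A server-side check for the class of bug described in this advisory, as an added example: it is not InstantCMS code or the vendor's fix, and the function name `safe_redirect_target` and the fallback path are hypothetical. It accepts only same-site paths as redirect targets and falls back to a fixed page for everything else.

```php
<?php
// Added example, not InstantCMS code. Function name and fallback are hypothetical.

/**
 * Return $target if it is a safe same-site path, otherwise $fallback.
 */
function safe_redirect_target(string $target, string $fallback = '/'): string
{
    // Reject empty input and control characters (CR/LF header splitting,
    // tabs and newlines that browsers strip from URLs).
    if ($target === '' || preg_match('/[\x00-\x1F\x7F]/', $target)) {
        return $fallback;
    }
    // Browsers treat "\" like "/" in URLs, so "/\host" behaves as "//host".
    if (strpos($target, '\\') !== false) {
        return $fallback;
    }
    // Must be a single-slash absolute path: "/page", never "//host" or "scheme:...".
    if ($target[0] !== '/' || (isset($target[1]) && $target[1] === '/')) {
        return $fallback;
    }
    // Defence in depth: the parsed value must carry neither a scheme nor a host.
    $parts = parse_url($target);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return $fallback;
    }
    return $target;
}

// Constructed sample inputs; only the first one is accepted as-is.
$samples = [
    '/catalog/item?id=5',
    '//attacker.example/login',
    'https://attacker.example/',
    '/\\attacker.example',
    "/ok\r\nSet-Cookie: x=1",
    'javascript:alert(1)',
];
foreach ($samples as $s) {
    printf("%-35s => %s\n", json_encode($s), safe_redirect_target($s));
}
```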
26.12.2013 - Vendor gets vulnerability details
28.12.2013 - Vendor releases fixed version and details
26.12.2014 - Public disclosure
The vulnerability was detected using Positive Technologies Application Inspector, an application security testing system.