Moderate severityNVD Advisory· Published Sep 18, 2008· Updated Apr 23, 2026

CVE-2008-4104

Description

Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a "passed in" URL.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
joomla/frameworkPackagist	>= 1.5.0, < 1.5.7	1.5.7

Affected products

Joomla/Joomla!7 versions
cpe:2.3:a:joomla:joomla:1.5:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:joomla:joomla:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla:1.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla:1.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla:1.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla:1.5.6:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-9qr2-fx2g-pfvhghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2008-4104ghsaADVISORY
marc.infonvdWEB
marc.infonvdWEB
marc.infonvdWEB
securityreason.com/securityalert/4275nvdWEB
exchange.xforce.ibmcloud.com/vulnerabilities/45071nvdWEB
web.archive.org/web/20081219152017/http://developer.joomla.org/security/news/274-20080904-core-redirect-spam.htmlghsaWEB
developer.joomla.org/security/news/274-20080904-core-redirect-spam.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000