Medium severity6.1NVD Advisory· Published Jul 17, 2017· Updated May 13, 2026

CVE-2017-1000027

Description

Koozali Foundation SME Server versions 8.x, 9.x, 10.x are vulnerable to an open URL redirect vulnerability in the user web login function resulting in unauthorized account access.

Affected products

Koozali/Sme Server4 versions
cpe:2.3:a:koozali:sme_server:8.0:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:koozali:sme_server:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:koozali:sme_server:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:koozali:sme_server:9.2:*:*:*:*:*:*:*
- cpe:2.3:a:koozali:sme_server:10.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

cp270.wordpress.com/2017/02/02/security-advisory-open-url-redirect-in-sme-server/nvdThird Party Advisory
forums.contribs.org/index.php/topic%2C52838.0.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.397
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000