CVE-2018-8813
Description
Open redirect vulnerability in the login[redirect] parameter login functionality in WolfCMS 0.8.3.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a malformed URL.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Open redirect in WolfCMS 0.8.3.1 login functionality allows phishing via malformed URL in login[redirect] parameter.
Vulnerability
An open redirect vulnerability exists in the login functionality of WolfCMS 0.8.3.1 (and possibly earlier versions) via the login[redirect] parameter. When an attacker supplies a malformed URL, the application fails to validate the redirect target, allowing arbitrary redirection. This is triggered during the login process when the user submits credentials [1].
Exploitation
An attacker can craft a malicious login link containing a manipulated login[redirect] parameter pointing to an attacker-controlled site. The user, after clicking the link and logging in, is redirected to the attacker's site. No authentication or special privileges are required; the attacker only needs to lure the victim to click the crafted URL [1].
Impact
Successful exploitation redirects users to arbitrary websites after login, enabling phishing attacks. The attacker can steal login credentials or other sensitive information by presenting a fake login page. The impact is limited to social engineering and does not directly compromise the server [1].
Mitigation
The vendor recommends upgrading to the latest release. As of the published advisory, the fixed version is not explicitly listed, but upgrading eliminates the vulnerability. No workarounds are documented [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"Missing validation of the `login[redirect]` parameter allows an attacker to supply an arbitrary external URL, leading to an open redirect."
Attack vector
An attacker crafts a URL pointing to a legitimate WolfCMS installation and appends a `login[redirect]` parameter set to an arbitrary external site (e.g., `http://[victim-site]/wolfcms/?/admin/login` with `login[redirect]=http://evil.com`). When a victim logs in, the application redirects the browser to the attacker-controlled URL without validation, enabling phishing attacks [1]. The attack requires no special privileges; it only requires that the victim visit the crafted login page and submit credentials.
Affected code
The vulnerability resides in the login functionality of WolfCMS 0.8.3.1, specifically in the handling of the `login[redirect]` parameter during the login process at the `/admin/login` endpoint [1]. The advisory does not specify the exact file or function name, but the parameter is processed server-side when a user submits login credentials.
What the fix does
No patch or code diff is provided in the advisory. The recommended remediation is to upgrade to the latest release of WolfCMS, which presumably adds validation or sanitization of the `login[redirect]` parameter so that only safe, internal URLs are accepted [1]. Without a published fix, the advisory does not detail the specific changes made.
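A validator of the kind such a fix needs, added here as an illustration and not WolfCMS's own code: it is written in Python rather than WolfCMS's PHP, and the application host `cms.example.test` and the post-login landing path `/admin` are assumed. It keeps only same-host or site-relative targets and falls back to the landing page for everything else, including scheme-relative (`//evil.com`), backslash and `javascript:` forms that naive "starts with a slash" checks let through.

```python
from typing import Optional
from urllib.parse import urlsplit, urlunsplit

DEFAULT_TARGET = "/admin"  # assumed post-login landing page


def safe_redirect_target(redirect: Optional[str], app_host: str) -> str:
    """Return a redirect target that stays on app_host, else DEFAULT_TARGET.

    Only the local part (path, query, fragment) is ever returned, so the
    caller can never emit a Location header pointing at another origin.
    """
    if not redirect:
        return DEFAULT_TARGET
    value = redirect.strip()
    # Browsers treat "\" like "/" and collapse runs of leading slashes, so
    # "/\evil.com" and "///evil.com" both resolve to an external origin even
    # though urlsplit() would report an empty netloc for the latter.
    if "\\" in value or value.startswith("//"):
        return DEFAULT_TARGET
    parts = urlsplit(value)
    if parts.scheme:
        # Absolute URL: accept only http(s) back to our own host (exact match,
        # which also rejects userinfo tricks such as "host@evil.com").
        if parts.scheme.lower() not in ("http", "https"):
            return DEFAULT_TARGET
        if parts.netloc.lower() != app_host.lower():
            return DEFAULT_TARGET
    elif parts.netloc:
        return DEFAULT_TARGET
    path = parts.path or "/"
    # Require a rooted path; relative paths ("admin/x") are rejected as
    # ambiguous rather than resolved.
    if not path.startswith("/") or path.startswith("//"):
        return DEFAULT_TARGET
    return urlunsplit(("", "", path, parts.query, parts.fragment))
```

WolfCMS routes through the query string (`/?/admin/login`), so a legitimate target such as `/wolfcms/?/admin/pages` survives while every off-host form collapses to the landing page.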
Preconditions
- network: The attacker must have access to a WolfCMS 0.8.3.1 instance's login page (e.g., `/?/admin/login`).
- input: The victim must be tricked into visiting the crafted login URL and submitting credentials.
Reproduction
1. Navigate to `http://[URL]/wolfcms/?/admin/login`.
2. Enter valid credentials.
3. Replace the `login[redirect]` parameter value with an arbitrary external URL (e.g., `http://evil.com`).
4. Submit the login form and observe the unvalidated redirect to the attacker-supplied URL [1].
Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- www.exploit-db.com/exploits/44421/ (x_refsource_EXPLOIT-DB)
- docs.google.com/document/d/1rdl1yWDJkPuuOFb2sF07_c3twl5uMkH9a-OO2OmYMus/edit (x_refsource_MISC)
- github.com/wolfcms/wolfcms/issues/670 (x_refsource_MISC)
News mentions
No linked articles in our index yet.