Unrated severityNVD Advisory· Published Apr 3, 2020· Updated Aug 4, 2024
CVE-2020-8143
CVE-2020-8143
Description
An Open Redirect vulnerability was discovered in Revive Adserver version < 5.0.5 and reported by HackerOne user hoangn144. A remote attacker could trick logged-in users to open a specifically crafted link and have them redirected to any destination.The CSRF protection of the “/www/admin/*-modify.php” could be skipped if no meaningful parameter was sent. No action was performed, but the user was still redirected to the target page, specified via the “returnurl” GET parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Revive Adserver/Revive Adserverdescription
- Range: <5.0.5
Patches
Vulnerability mechanics
References
2- hackerone.com/reports/794144mitrex_refsource_MISC
- www.revive-adserver.com/security/revive-sa-2020-002/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.