CVE-2008-2052
MEDIUM | EXPLOITED | NUCLEI
Bitrix Site Manager 6.5 - Open Redirect via redirect.php goto Parameter
Title source: llm
Exploitation Summary
CVE-2008-2052 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.
Description
Open redirect vulnerability in redirect.php in Bitrix Site Manager 6.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the goto parameter.
Nuclei Templates (1)
Bitrix Site Management 2.x - Open Redirect
MEDIUM, by pikpikcu, gtrrnr, liangtovi-debug
Shodan:
html:"/bitrix/"
References (2)
Core References
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42157
Broken Link (x_refsource_misc)
http://holisticinfosec.org/content/view/62/45/
Scores
CVSS v3
6.1
EPSS
0.0122
EPSS Percentile
79.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
VulnCheck KEV
2024-09-19
CWE
CWE-601
Status
published
Products (1)
bitrix24/bitrix_site_manager
6.5
Published
May 02, 2008
Tracked Since
Feb 18, 2026