CVE-2008-5708

SlimCMS 1.0.0 - Open Redirect

Title source: llm

Description

redirect.php in SlimCMS 1.0.0 does not require authentication, which allows remote attackers to create administrative users by using the newusername and newpassword parameters and setting the newisadmin parameter to 1.

Exploits (1)

exploitdb WORKING POC VERIFIED
by StAkeR · php · webapps · php
https://www.exploit-db.com/exploits/6729

Scores

EPSS 0.0466
EPSS Percentile 89.1%

Classification

CWE
CWE-287
Status draft

Affected Products (1)

slimcms/slimcms

Timeline

Published Dec 24, 2008
Tracked Since Feb 18, 2026