CVE-2009-4788
Pligg CMS < 1.0.2 - Open Redirect via Return Parameter or HTTP Referer Header
Title source: llmDescription
Multiple open redirect vulnerabilities in Pligg 1.0.2 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the (1) return parameter to pligg/login.php and the (2) HTTP Referer header to user_settings.php.
References (3)
Core 3
Core References
Various Sources x_refsource_misc
http://holisticinfosec.org/content/view/130/45/
Patch x_refsource_confirm
http://www.pligg.com/blog/775/pligg-cms-1-0-3-release/
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/37349
Scores
EPSS
0.0104
EPSS Percentile
59.9%
Details
CWE
CWE-20
Status
published
Products (7)
pligg/pligg_cms
1.0.0 (6 CPE variants)
pligg/pligg_cms
1.0.1
pligg/pligg_cms
9.5
pligg/pligg_cms
9.9
pligg/pligg_cms
9.9.0 (2 CPE variants)
pligg/pligg_cms
9.9.5 (2 CPE variants)
pligg/pligg_cms
< 1.0.2
Published
Apr 21, 2010
Tracked Since
Feb 18, 2026