CVE-2009-4788

Pligg CMS < 1.0.2 - Open Redirect via Return Parameter or HTTP Referer Header

Title source: llm
STIX 2.1

Description

Multiple open redirect vulnerabilities in Pligg 1.0.2 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the (1) return parameter to pligg/login.php and the (2) HTTP Referer header to user_settings.php.

References (3)

Core 3
Core References
Various Sources x_refsource_misc
http://holisticinfosec.org/content/view/130/45/
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/37349

Scores

EPSS 0.0104
EPSS Percentile 59.9%

Details

CWE
CWE-20
Status published
Products (7)
pligg/pligg_cms 1.0.0 (6 CPE variants)
pligg/pligg_cms 1.0.1
pligg/pligg_cms 9.5
pligg/pligg_cms 9.9
pligg/pligg_cms 9.9.0 (2 CPE variants)
pligg/pligg_cms 9.9.5 (2 CPE variants)
pligg/pligg_cms < 1.0.2
Published Apr 21, 2010
Tracked Since Feb 18, 2026