CVE-2011-5252

NUCLEI

Orchard - Improper Input Validation

Title source: rule

Description

Open redirect vulnerability in Users/Account/LogOff in Orchard 1.0.x before 1.0.21, 1.1.x before 1.1.31, 1.2.x before 1.2.42, and 1.3.x before 1.3.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the ReturnUrl parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Mesut Timur · text · webapps · php
https://www.exploit-db.com/exploits/36493

Nuclei Templates (1)

Orchard 'ReturnUrl' Parameter URI - Open Redirect
MEDIUM · by ctflearner

Scores

EPSS 0.1720
EPSS Percentile 95.0%

Details

CWE CWE-20
Status published
Products (9)
orchardproject/orchard 1.0
orchardproject/orchard 1.0.20
orchardproject/orchard 1.1
orchardproject/orchard 1.1.30
orchardproject/orchard 1.2
orchardproject/orchard 1.2.41
orchardproject/orchard 1.3
orchardproject/orchard 1.3.9
orchardproject/orchard 1.3.10
Published Jan 12, 2013
Tracked Since Feb 18, 2026