CVE-2012-4032

NUCLEI

Websitepanel < 1.2.1 - Improper Input Validation

Title source: rule

Description

Open redirect vulnerability in the login page in WebsitePanel before 1.2.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in ReturnUrl to Default.aspx.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Anastasios Monachos · textwebappsasp

https://www.exploit-db.com/exploits/37488

View Code ZIP pw:eip

Nuclei Templates (1)

WebsitePanel before v1.2.2.1 - Open Redirect

MEDIUMby ctflearner

Shodan: title:"WebsitePanel" html:"login" || http.title:"websitepanel" html:"login"

FOFA: title="websitepanel" html:"login"

References (6)

[Exploit] http://osvdb.org/83689

[Exploit] http://packetstormsecurity.org/files/114541/WebsitePanel-CMS-Open-Redirect.html

[Vendor Advisory] http://secunia.com/advisories/49813

[Various Sources] http://websitepanel.codeplex.com/workitem/224

[Exploit] http://www.securityfocus.com/bid/54346

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/76803

Scores

EPSS 0.0828

EPSS Percentile 92.3%

Details

CWE

CWE-20

Status published

Products (7)

websitepanel/websitepanel 1.0.0

websitepanel/websitepanel 1.0.1

websitepanel/websitepanel 1.0.2

websitepanel/websitepanel 1.1.0

websitepanel/websitepanel 1.1.2

websitepanel/websitepanel 1.2.0

websitepanel/websitepanel < 1.2.1

Published Jul 17, 2012

Tracked Since Feb 18, 2026