CVE-2017-1000027
MEDIUMKoozali Foundation SME Server <10 - Open Redirect
Title source: llmDescription
Koozali Foundation SME Server versions 8.x, 9.x, 10.x are vulnerable to an open URL redirect vulnerability in the user web login function resulting in unauthorized account access.
References (2)
Core 2
Core References
Various Sources x_refsource_misc
https://forums.contribs.org/index.php/topic%2C52838.0.html
Third Party Advisory x_refsource_misc
https://cp270.wordpress.com/2017/02/02/security-advisory-open-url-redirect-in-sme-server/
Scores
CVSS v3
6.1
EPSS
0.0116
EPSS Percentile
63.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-601
Status
published
Products (4)
koozali/sme_server
8.0
koozali/sme_server
9.0
koozali/sme_server
9.2
koozali/sme_server
10.0
Published
Jul 17, 2017
Tracked Since
Feb 18, 2026