CVE-2018-1000509

HIGH

Redirection <2.7.1 - SSRF

Title source: llm

Description

Redirection version 2.7.1 contains a Serialisation vulnerability possibly allowing ACE vulnerability in Settings page AJAX that can result in could allow admin to execute arbitrary code in some circumstances. This attack appear to be exploitable via Attacker must have access to admin account. This vulnerability appears to have been fixed in 2.8.

References (1)

[Exploit, Third Party Advisory] https://advisories.dxw.com/advisories/unserialization-redirection/

Scores

CVSS v3 7.2

EPSS 0.0085

EPSS Percentile 74.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-502

Status published

Affected Products (1)

redirection/redirection

Timeline

Published Jun 26, 2018

Tracked Since Feb 18, 2026