CVE-2018-1000509

HIGH

Redirection 2.7.1 - Authenticated Remote Code Execution via Settings Page AJAX Deserialization

Title source: llm

Description

Redirection version 2.7.1 contains a serialisation vulnerability, possibly allowing arbitrary code execution (ACE), in the Settings page AJAX that could allow an admin to execute arbitrary code in some circumstances. This attack appears to be exploitable by an attacker who has access to an admin account. This vulnerability appears to have been fixed in 2.8.

References (1)

Core References
Exploit, Third Party Advisory x_refsource_misc
https://advisories.dxw.com/advisories/unserialization-redirection/

Scores

CVSS v3 7.2
EPSS 0.0206
EPSS Percentile 78.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-502
Status published
Products (1)
redirection/redirection 2.7.1
Published Jun 26, 2018
Tracked Since Feb 18, 2026