CVE-2019-14223

MEDIUM EXPLOITED NUCLEI

Alfresco Community Edition <5.2.6, 6.0.N, 6.1.N - Open Redirect

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2019-14223 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including mbadanoiu. A Nuclei detection template is also available.

AI-analyzed exploit summary The repository claims to provide a PoC for an open redirect vulnerability in Alfresco Share but only includes a README with a link to an external PDF. No actual exploit code or technical details are provided.

Description

An issue was discovered in Alfresco Community Edition versions below 5.2.6, 6.0.N and 6.1.N. The Alfresco Share application is vulnerable to an Open Redirect attack via a crafted POST request. By manipulating the POST parameters, an attacker can redirect a victim to a malicious website over any protocol the attacker desires (e.g.,http, https, ftp, smb, etc.).

Exploits (1)

nomisec SUSPICIOUS
by mbadanoiu · poc
https://github.com/mbadanoiu/CVE-2019-14223

The repository claims to provide a PoC for an open redirect vulnerability in Alfresco Share but only includes a README with a link to an external PDF. No actual exploit code or technical details are provided.

Classification
Suspicious 90%
Attack Type
Other
Complexity
Theoretical
Reliability
Theoretical
Target: Alfresco Share
No auth needed
Prerequisites: None specified
devstral-2 · analyzed Feb 18, 2026 Full analysis →

Nuclei Templates (1)

Alfresco Share - Open Redirect
MEDIUMby pdteam

References (2)

Core 2

Scores

CVSS v3 6.1
EPSS 0.0451
EPSS Percentile 90.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

VulnCheck KEV 2024-01-22
CWE
CWE-601
Status published
Products (3)
alfresco/alfresco 6.0
alfresco/alfresco 6.1
alfresco/alfresco < 5.2.6
Published Sep 06, 2019
Tracked Since Feb 18, 2026