CVE-2019-14223

MEDIUM EXPLOITED NUCLEI

Alfresco Community Edition <5.2.6, 6.0.N, 6.1.N - Open Redirect

Title source: llm

Description

An issue was discovered in Alfresco Community Edition versions below 5.2.6, 6.0.N and 6.1.N. The Alfresco Share application is vulnerable to an Open Redirect attack via a crafted POST request. By manipulating the POST parameters, an attacker can redirect a victim to a malicious website over any protocol the attacker desires (e.g.,http, https, ftp, smb, etc.).

Exploits (1)

nomisec SUSPICIOUS

by mbadanoiu · poc

https://github.com/mbadanoiu/CVE-2019-14223

View Code ZIP pw:eip

Nuclei Templates (1)

Alfresco Share - Open Redirect

MEDIUMby pdteam

References (2)

[Vendor Advisory] https://community.alfresco.com/content?filterID=all~objecttype~thread%5Bquestions%5D

[Exploit, Third Party Advisory] https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-14223-Open%20Redirect%20in%20Alfresco%20Share-Alfresco%20Community

Scores

CVSS v3 6.1

EPSS 0.3727

EPSS Percentile 97.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

VulnCheck KEV 2024-01-22

CWE

CWE-601

Status published

Products (3)

alfresco/alfresco 6.0

alfresco/alfresco 6.1

alfresco/alfresco < 5.2.6

Published Sep 06, 2019

Tracked Since Feb 18, 2026