CVE-2023-0748

MEDIUM

btcpayserver < 1.7.6 - Open Redirect

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-0748. PoCs published by gonzxph.

AI-analyzed exploit summary This PoC demonstrates an open redirect vulnerability in BTCPayServer 1.7.5 and lower, where the `returnUrl` parameter in the recovery seed backup endpoint can be manipulated to redirect users to an arbitrary domain. The attack requires user interaction to click a crafted link and confirm an action.

Description

Open Redirect in GitHub repository btcpayserver/btcpayserver prior to 1.7.6.

Exploits (1)

nomisec WORKING POC

by gonzxph · poc

https://github.com/gonzxph/CVE-2023-0748

View Code ZIP pw:eip

This PoC demonstrates an open redirect vulnerability in BTCPayServer 1.7.5 and lower, where the `returnUrl` parameter in the recovery seed backup endpoint can be manipulated to redirect users to an arbitrary domain. The attack requires user interaction to click a crafted link and confirm an action.

Classification

Working Poc 100%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: BTCPayServer <= 1.7.5

Auth required

Prerequisites: User must be logged in · User must click a crafted link · User must confirm action

MITRE ATT&CK

T1566.002 - Spearphishing Link

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Patch

https://github.com/btcpayserver/btcpayserver/pull/4575/commits/c2cfa17e9619046b43987627b8429541d2834109

Exploit, Third Party Advisory

https://huntr.dev/bounties/1a0403b6-9ec9-4587-b559-b1afba798c86

Scores

CVSS v3 6.4

EPSS 0.0061

EPSS Percentile 44.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-601

Status published

Products (1)

btcpayserver/btcpayserver < 1.7.6

Published Feb 08, 2023

Tracked Since Feb 18, 2026