CVE-2024-37657
BaseFortify
Publication date: 2025-07-07
Last updated on: 2025-07-10
Assigner: MITRE
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sir | gnuboard | 5.5.16 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-601 | The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Open Redirect issue in Gnuboard version 5.5.16, specifically in the login.php script under the /bbs/ path. It occurs because the URL parameter does not properly filter backslash characters ("\"), allowing attackers to craft URLs that redirect users to arbitrary external domains. This happens due to insufficient input validation on the 'url' GET parameter, which uses strip_tags() but fails to block backslashes. As a result, attackers can bypass host validation and redirect users to phishing or malicious sites. [1]
How can this vulnerability impact me?
This vulnerability can impact you by enabling attackers to redirect users to malicious or phishing websites through crafted URLs. This can lead to users being tricked into divulging sensitive information, downloading malware, or other harmful actions. The open redirect can be exploited to undermine user trust and compromise security by facilitating phishing attacks. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the /bbs/login.php URL parameter 'url' for improper handling of backslash characters. For example, you can use curl or wget commands to send requests with crafted URLs containing backslashes to see if redirection occurs. Example command: curl -I 'https://yourdomain.com/gnuboard5/bbs/login.php?url=\evil.com' and observe if the response redirects to an external domain. If redirection happens, the system is vulnerable. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation involves updating the login.php script to validate the 'url' parameter properly. Specifically, implement a check for backslash characters using a regular expression (e.g., preg_match('/\\\\/', $url), where the four backslashes in the PHP single-quoted string produce a pattern that matches one literal backslash) and reject or sanitize any URLs containing backslashes. Additionally, use a function like check_url_host($url) to ensure the URL host is valid and redirect users to a safe default URL if validation fails. Applying this fix prevents open redirects and protects against phishing attacks. [1]
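The validation described above, written out as an added example (not Gnuboard's code and not taken from the referenced advisory). `safe_redirect_target()`, `SAFE_DEFAULT` and `ALLOWED_HOST` are hypothetical names, and the function stands in for a host check rather than reproducing `check_url_host()`. It goes slightly beyond the backslash check by also falling back on protocol-relative and userinfo forms.

```php
<?php
// Added example; safe_redirect_target() and both constants are hypothetical names.
const SAFE_DEFAULT = '/';               // assumption: fallback redirect target
const ALLOWED_HOST = 'yourdomain.com';  // assumption: the site's own host

function safe_redirect_target(string $url, string $allowedHost = ALLOWED_HOST): string
{
    $url = trim(strip_tags($url));

    // strip_tags() leaves "\" untouched, so reject backslashes (and control
    // characters) explicitly before any host comparison.
    if ($url === '' || preg_match('/[\\\\\x00-\x1f\x7f]/', $url)) {
        return SAFE_DEFAULT;
    }

    // Site-relative path: exactly one leading "/" ("//host" is protocol-relative).
    if ($url[0] === '/') {
        return (strlen($url) > 1 && $url[1] === '/') ? SAFE_DEFAULT : $url;
    }

    // Absolute URL: http(s) only, no userinfo, host must equal the allowed host.
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host']) || isset($parts['user'])) {
        return SAFE_DEFAULT;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return SAFE_DEFAULT;
    }
    return strcasecmp($parts['host'], $allowedHost) === 0 ? $url : SAFE_DEFAULT;
}

// Constructed sample inputs: two legitimate targets, then ones that must fall back.
$samples = [
    '/bbs/board.php?bo_table=free',
    'https://yourdomain.com/bbs/board.php',
    '\evil.example',
    '/\evil.example',
    '//evil.example',
    'https://yourdomain.com@evil.example/',
];
foreach ($samples as $s) {
    printf("%-40s => %s\n", $s, safe_redirect_target($s));
}
```

Relative targets without a leading slash also fall back to the default here; a site that relies on them would need to resolve them against a known base path before validating.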