CVE-2024-37658
BaseFortify
Publication date: 2025-07-07
Last updated on: 2025-07-10
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sir | gnuboard | 5.5.16 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-601 | The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability is an Open Redirect issue in Gnuboard5 version 5.5.16, specifically in the member confirmation functionality accessed after user login. It occurs because the URL parameter does not properly filter backslash characters (\), allowing attackers to craft URLs that redirect users to arbitrary external domains. This can be exploited to redirect users to malicious sites such as phishing pages. [1]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to redirect users to malicious external websites, such as phishing sites. This can lead to users being tricked into revealing sensitive information or downloading malware, thereby compromising user security and trust. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can detect this vulnerability by checking for HTTP requests to the vulnerable endpoint containing the 'url' parameter with backslash characters (\) before domain names, which indicate attempts to exploit the open redirect. For example, monitoring access logs or network traffic for URLs like '/bbs/member_confirm.php?url=\example.com'. A simple command to search web server logs could be: grep -E 'bbs/member_confirm.php\?url=\\' /path/to/access.log. Additionally, using tools like curl to test the endpoint with crafted URLs can help verify if the system is vulnerable. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation involves applying the security patch released in Gnuboard version 5.5.17, which addresses this open redirect vulnerability among others. The patch includes code changes that validate and sanitize the 'url' parameter by replacing backslashes with forward slashes, normalizing slashes, filtering out invalid characters, and validating the URL host to prevent redirection to arbitrary external domains. Until the patch is applied, consider blocking or filtering requests with suspicious 'url' parameters containing backslashes at the web server or application firewall level. [1, 2]