CVE-2025-7949
BaseFortify
Publication date: 2025-07-22
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| publiccms | publiccms | to 5.202506.b (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-601 | The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an open redirect issue in Sanluan PublicCMS up to version 5.202506.a. It occurs due to improper handling of the 'url' argument in a specific template file, allowing an attacker to manipulate the URL and redirect users to potentially malicious sites. The vulnerability can be exploited remotely.
How can this vulnerability impact me? :
The vulnerability can lead to users being redirected to malicious websites without their consent, which can facilitate phishing attacks, malware distribution, or other malicious activities. This can harm user trust and potentially compromise user security.
What immediate steps should I take to mitigate this vulnerability?
Apply the provided patch named c1e79f124e3f4c458315d908ed7dee06f9f12a76/f1af17af004ca9345c6fe4d5936d87d008d26e75 to fix the vulnerability in Sanluan PublicCMS up to version 5.202506.a.