CVE-2008-3261

CVE

MediumConfirmedExploit available

Open redirect vulnerability in claroline/redirector.php in Claroline before 1.8.10 allows remote attackers to redirect users to arbitrary w…

CVSS

4.3

Medium

EPSS

0.04

p89

Published

2008-01-01

Updated

2008-01-01

Description

Open redirect vulnerability in claroline/redirector.php in Claroline before 1.8.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter.

Tags · CWE

CWE-59

CAPEC-17

CAPEC-35

CAPEC-76

CAPEC-132

Affected products

Claroline ≤ 1.8.9Claroline

CVSS vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Timeline

2008-01-01

Published

2008-01-01

Updated

CVSS 3.1 breakdown

Attack Vector

AV: N

Network (N)

Attack Complexity

AC: M

Medium

Authentication

Au: N

None (N)

Confidentiality Impact

C: N

None (N)

Integrity Impact

I: P

Partial

Availability Impact

A: N

None (N)

Exploit indicators

EPSS

0.045 · p89

Known exploited (KEV)

MITRE ATT&CK

Inferred via CAPEC

T1027.006HTML Smuggling

└ via CAPEC-35 · CWE-59

T1027.009Embedded Payloads

└ via CAPEC-35 · CWE-59

T1547.009Shortcut Modification

└ via CAPEC-132 · CWE-59

T1564.009Resource Forking

└ via CAPEC-35 · CWE-59

T1574.005Executable Installer File Permissions Weakness

└ via CAPEC-17 · CWE-59

T1574.010Services File Permissions Weakness

└ via CAPEC-17 · CWE-59

Known exploits — Сканер-ВС

32071

exploitdb · https://www.exploit-db.com/exploits/32071

Enterprise

Affected software

Product	Vendor	Status
claroline	*	Tracked

Source databases

CVE