NVD

Id
35400  
Name
CVE-2014-8305  
Description
Open redirect vulnerability in the redir function in includes/function.php in C97net Cart Engine before 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header to (1) index.php, (2) cart.php, (3) msg.php, or (4) page.php.  
Reject
 
CVSS Version
2  
CVSS Score
6.4  
Severity
Medium  
CVSS Base Score
6.4  
CVSS Impact Subscore
4.9  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:P/A:N)  
Pub Date
2017-01-19  
Published
2014-10-16  
Modified Date
2014-12-16  
Seq
2014-8305  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
181479 35400 CVE-2014-8305 20140916 [Quantum Leap Advisory] #QLA140808 Cart Engine 3.0 Multiple vulnerabilities - SQL Injection, XSS Reflected, Open Redirect  View
181480 35400 CVE-2014-8305 http://www.quantumleap.it/cart-engine-3-0-multiple-vulnerabilities-sql-injection-reflected-xss-open-redirect/  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
16042 JVNDB-2014-004917 C97net Cart Engine の includes/function.php 内の redir 関数におけるオープンリダイレクトの脆弱性 C97net Cart Engine の includes/function.php 内の redir 関数には、オープンリダイレクトの脆弱性が存在します。 CVE-2014-8305 75598 CVE-2014-8305 35400 6.4 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-004917.html 2014-08-21 2014-12-18 View