CVE-2012-5234

EPSS 0.21%
Veröffentlicht 01.10.2012 23:55:01
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Open redirect vulnerability in index.php in ocPortal before 7.1.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ocportal ≫ Ocportal Version <= 7.1.5

Ocportal ≫ Ocportal Version4.0

Ocportal ≫ Ocportal Version4.0.1

Ocportal ≫ Ocportal Version4.0.2

Ocportal ≫ Ocportal Version4.0.3

Ocportal ≫ Ocportal Version4.0.4

Ocportal ≫ Ocportal Version4.0.5

Ocportal ≫ Ocportal Version4.1

Ocportal ≫ Ocportal Version4.1.1

Ocportal ≫ Ocportal Version4.1.2

Ocportal ≫ Ocportal Version4.1.3

Ocportal ≫ Ocportal Version4.1.4

Ocportal ≫ Ocportal Version4.1.5

Ocportal ≫ Ocportal Version4.1.6

Ocportal ≫ Ocportal Version4.1.8

Ocportal ≫ Ocportal Version4.1.9

Ocportal ≫ Ocportal Version4.1.10

Ocportal ≫ Ocportal Version4.1.11

Ocportal ≫ Ocportal Version4.1.12

Ocportal ≫ Ocportal Version4.1.13

Ocportal ≫ Ocportal Version4.2

Ocportal ≫ Ocportal Version4.2 Updatebeta1

Ocportal ≫ Ocportal Version4.2 Updatebeta2

Ocportal ≫ Ocportal Version4.2 Updaterc1

Ocportal ≫ Ocportal Version4.2 Updaterc2

Ocportal ≫ Ocportal Version4.2 Updaterc3

Ocportal ≫ Ocportal Version4.2.1

Ocportal ≫ Ocportal Version4.2.2

Ocportal ≫ Ocportal Version4.3

Ocportal ≫ Ocportal Version4.3 Updaterc1

Ocportal ≫ Ocportal Version4.3 Updaterc2

Ocportal ≫ Ocportal Version4.3 Updaterc3

Ocportal ≫ Ocportal Version4.3.1

Ocportal ≫ Ocportal Version4.3.2

Ocportal ≫ Ocportal Version5.0

Ocportal ≫ Ocportal Version5.0 Updaterc1

Ocportal ≫ Ocportal Version5.0.1

Ocportal ≫ Ocportal Version5.0.2

Ocportal ≫ Ocportal Version5.0.2 Updatebeta1

Ocportal ≫ Ocportal Version5.0.3

Ocportal ≫ Ocportal Version5.1 Updatebeta1

Ocportal ≫ Ocportal Version6.0

Ocportal ≫ Ocportal Version6.0 Updatebeta1

Ocportal ≫ Ocportal Version6.0 Updatebeta2

Ocportal ≫ Ocportal Version6.0 Updaterc1

Ocportal ≫ Ocportal Version6.0 Updaterc2

Ocportal ≫ Ocportal Version6.0 Updaterc3

Ocportal ≫ Ocportal Version6.0.1

Ocportal ≫ Ocportal Version6.0.2

Ocportal ≫ Ocportal Version6.0.3

Ocportal ≫ Ocportal Version6.1

Ocportal ≫ Ocportal Version6.1.1

Ocportal ≫ Ocportal Version6.2 Updaterc1

Ocportal ≫ Ocportal Version7.0

Ocportal ≫ Ocportal Version7.0.1

Ocportal ≫ Ocportal Version7.1

Ocportal ≫ Ocportal Version7.1 Updatebeta1

Ocportal ≫ Ocportal Version7.1.1

Ocportal ≫ Ocportal Version7.1.2

Ocportal ≫ Ocportal Version7.1.3

Ocportal ≫ Ocportal Version7.1.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.21%	0.406

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:P/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://ocportal.com/site/news/view/new-releases/ocportal-7-1-6-released.htm

Vendor Advisory

http://ocportal.com/site/news/view/ocportal-security-update.htm

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2012-5234

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-5234

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-5234

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2012-5234