CVE-2020-13565

Published: Feb 10, 2021

Modified: Aug 4, 2024

PUBLISHED

CVSS v3.0

6.1

MEDIUM

Description

An open redirect vulnerability exists in the return_page redirection functionality of phpGACL 3.3.7, OpenEMR 5.0.2 and OpenEMR development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce). A specially crafted HTTP request can redirect users to an arbitrary URL. An attacker can provide a crafted URL to trigger this vulnerability.

Vendor	Product	Versions
n/a	phpGACL	affected `OpenEMR 5.0.2,OpenEMR development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce),phpGACL 3.3.7`

Weaknesses (CWE)

CWE-601

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

References

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1178

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-13565

Description

Affected Products

Weaknesses (CWE)

CVSS v3.0 Details

References