CVE-2024-1240 — MEDIUM (6.1)

Vulnerability Description

An open redirection vulnerability exists in pyload/pyload version 0.5.0. The vulnerability is due to improper handling of the 'next' parameter in the login functionality. An attacker can exploit this vulnerability to redirect users to malicious sites, which can be used for phishing or other malicious activities. The issue is fixed in pyload-ng 0.5.0b3.dev79.

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Pyload	Pyload	0.5.0

Related Weaknesses (CWE)

CWE-601

References

https://github.com/pyload/pyload/commit/fe94451dcc2be90b3889e2fd9d07b483c8a6dccdPatch
https://huntr.com/bounties/eef9513d-ccc3-4030-b574-374c5e7b887eExploitThird Party Advisory

FAQ

What is CVE-2024-1240?

CVE-2024-1240 is a vulnerability with a CVSS score of 6.1 (MEDIUM). An open redirection vulnerability exists in pyload/pyload version 0.5.0. The vulnerability is due to improper handling of the 'next' parameter in the login functionality. An attacker can exploit this ...

How severe is CVE-2024-1240?

CVE-2024-1240 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-1240?

Check the references section above for vendor advisories and patch information. Affected products include: Pyload Pyload.