Vulnerabilities > CVE-2014-8870 - Arbitrary URI Redirection vulnerability in Tapatalk for WoltLab Burning Board

CVSS 5.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

NONE

network

tapatalk

NVD

Published: 2015-01-15

Updated: 2018-10-09

Summary

Open redirect vulnerability in mobiquo/smartbanner/welcome.php in the Tapatalk (com.tapatalk.wbb4) plugin before 1.1.2 for Woltlab Burning Board 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the board_url parameter. <a href="http://cwe.mitre.org/data/definitions/601.html">CWE-601: URL Redirection to Untrusted Site ('Open Redirect')</a>

Vulnerable Configurations

Part	Description	Count
Application	Tapatalk Tapatalk Tapatalk 1.0.0 Tapatalk Tapatalk 1.0.1 Tapatalk Tapatalk 1.0.2 Tapatalk Tapatalk 1.1.0 Tapatalk Tapatalk 1.1.1	5

Packetstorm

data source	https://packetstormsecurity.com/files/download/129926/woltlab-redirect.txt
id	PACKETSTORM:129926
last seen	2016-12-05
published	2015-01-13
reporter	redteam-pentesting.de
source	https://packetstormsecurity.com/files/129926/WoltLab-Burning-Board-4.0-Tapatalk-Open-Redirect.html
title	WoltLab Burning Board 4.0 Tapatalk Open Redirect

Summary

Vulnerable Configurations

Packetstorm

References