b2evolution URL Redirection to Untrusted Site (Open Redirect) Vulnerability - CVE-2020-22840 - Vulnerability Database

b2evolution URL Redirection to Untrusted Site (Open Redirect) Vulnerability - CVE-2020-22840

Medium

Reference: CVE-2020-22840

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2020-22840

Title: b2evolution URL Redirection to Untrusted Site (Open Redirect) Vulnerability

Overview:

Open redirect vulnerability in b2evolution CMS version prior to 6.11.6 allows an attacker to perform malicious open redirects to an attacker controlled resource via redirect_to parameter in email_passthrough.php.