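I. Basic information for vulnerability CVE-2024-0781
Vulnerability title
CodeAstro Internet Banking System page: client_signup.php redirect
Source: AIGC Shenlong (神龙) large model
Vulnerability description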
The CodeAstro Internet Banking System 1.0 contains a vulnerability that has not yet been classified as serious. The affected file is pages_client_signup.php, and it can be exploited remotely by manipulating the argument "Client Full Name" with the input <meta http-equiv="refresh" content="0; url=https://vuldb.com" />. This leads to an open redirect, which may allow attackers to redirect users to malicious websites or steal sensitive information. This vulnerability has been publicly disclosed and may be used by attackers. The identifier VDB-251697 has been assigned to this vulnerability.
Source: AIGC Shenlong (神龙) large model
CVSS information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
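Source: AIGC Shenlong (神龙) large model
Vulnerability type
URL redirection to untrusted site (open redirect)
Source: AIGC Shenlong (神龙) large model
Vulnerability title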
CodeAstro Internet Banking System pages_client_signup.php redirect
Source: U.S. National Vulnerability Database (NVD)
Vulnerability description
A vulnerability, which was classified as problematic, was found in CodeAstro Internet Banking System 1.0. This affects an unknown part of the file pages_client_signup.php. The manipulation of the argument Client Full Name with the input <meta http-equiv="refresh" content="0; url=https://vuldb.com" /> leads to open redirect. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251697 was assigned to this vulnerability.
Source: U.S. National Vulnerability Database (NVD)
CVSS information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
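Source: U.S. National Vulnerability Database (NVD)
Vulnerability type
URL redirection to untrusted site (open redirect)
Source: U.S. National Vulnerability Database (NVD)
Vulnerability title
CodeAstro Internet Banking System input validation error vulnerability
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability description
CodeAstro Internet Banking System is a PHP online banking system from CodeAstro. CodeAstro Internet Banking System version 1.0 has an input validation error vulnerability. The vulnerability stems from an unknown part contained in pages_client_signup.php; using a specific input through the parameter Client Full Name leads to a redirect.
Source: China National Vulnerability Database of Information Security (CNNVD)
CVSS information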
N/A
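Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability type
Input validation error
Source: China National Vulnerability Database of Information Security (CNNVD)
II. Public POCs for vulnerability CVE-2024-0781
# POC description Source link Shenlong (神龙) link
III. Intelligence information for vulnerability CVE-2024-0781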