Attacker vulnerability.
I found a critical vulnerability on this CMS, which allows any attacker to takeover/reset any victim's account without any victim action. See attached document.
I found a critical vulnerability on this CMS, which allows any attacker to takeover/reset any victim's account without any victim action. See attached document.
I'm not convinced this is a real vulnerability. If a hacker can update the url on your website, then couldn't they just send you to the malicious website in the first place? I can work on this and fix it so it won't redirect off of your website, but I'm not sure this is really worth spending time on or worrying about. The bug seems to assume they can update the url on your website to change the url parameter, but couldn't just update the url itself?
Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.
These out-of-the-box solutions provide you proven, tested applications that can be up and running now. Build a store, a gallery, or a web-based email solution.