Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Open redirect vulnerability in the redir function in includes/function.php in C97net Cart Engine before 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header to (1) index.php, (2) cart.php, (3) msg.php, or (4) page.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
C97net Cart Engine 开放重定向漏洞
Vulnerability Description
C97net Cart Engine是印尼C97net公司的一个免费的购物车脚本,它提供产品选项、搜索引擎、用户权限管理等功能。 C97net Cart Engine 4.0之前版本的includes/function.php脚本中的‘redir’函数存在开放重定向漏洞,该漏洞源于多个脚本(index.php脚本,cart.php脚本,msg.php脚本和page.php脚本)没有充分过滤HTTP Referer头。远程攻击者可借助特制的URL利用该漏洞将用户重定向到任意Web站点,实施钓鱼攻击。
CVSS Information
N/A
Vulnerability Type
N/A