Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2015-10052

Good to know:

icon

Date: January 15, 2023

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, was found in calesanz gibb-modul-151. This affects the function bearbeiten/login. The manipulation leads to open redirect. It is possible to initiate the attack remotely. The patch is named 88a517dc19443081210c804b655e72770727540d. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218379. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Language: PHP

Severity Score

Related Resources (5)

https://nvd.nist.gov/vuln/detail/CVE-2015-10052
https://vuldb.com/?id.218379
https://github.com/calesanz/gibb-modul-151/commit/88a517dc19443081210c804b655e72770727540d
https://vuldb.com/?ctiid.218379
https://www.mend.io/vulnerability-database/CVE-2015-10052

Severity Score

Weakness Type (CWE)

URL Redirection to Untrusted Site ('Open Redirect')

CWE-601

Top Fix

icon

Upgrade Version

Upgrade to version bigpaulie/yii2-foundation - no_fix;Kartris - no_fix;pragmaticlinux/foundation-css - no_fix;silverstripe-australia/minimalist-theme - 1.0.1;silverstripe-australia/minimalist-theme - 1.0.0;itlized/zurb-foundation - no_fix;itlized/zurb-foundation - v5.1.1;Foundation5.Core.Sass - no_fix;mkloubert/php-linq - v1.0alpha;molajo/framework - v0.2;zencart/zencart - dev-delete-attrib-preview;zencart/zencart - dev-workflows-update;zencart/zencart - dev-drbyte-category-patch;zencart/zencart - dev-v2-historic;zencart/zencart - dev-revert-6712-translate-order-totals-when-add-new-language;zencart/zencart - dev-dependabot/composer/laravel/symfony/var-dumper-6.4.4;zencart/zencart - dev-patch-flot-library-input;zencart/zencart - dev-email-storename-substitution;zencart/zencart - v2.1.0-alpha2;vikry/shyffon - v3.5.0;vikry/shyffon - no_fix;rydurham/sentinel - v6.0.0;rydurham/sentinel - dev-laravel_9;rydurham/sentinel - v.1.4.15;rydurham/sentinel - v2.0.0;eagle - no_fix;socms/core - v0.1.5.05;socms/core - v0.1.5.04;molajo/molajo - v0.2;rywa/silverstripe-foundation-forms - no_fix;loadsys/skeleton - 2.0.0;loadsys/skeleton - dev-e/variable-replacement;loadsys/skeleton - dev-f/vendor-language-stats;Foundation5.Core - no_fix;vrkansagara/zfskeleton - dev-testing;vrkansagara/zfskeleton - no_fix;phpfui/phpfui - V6.0.71;phpfui/phpfui - V6.0.73;phpfui/phpfui - V6.1.8;phpfui/phpfui - dev-dependabot/npm_and_yarn/subtrees/devbridge/jQuery-Autocomplete/braces-3.0.3;phpfui/phpfui - V6.1.2;phpfui/phpfui - V6.0.21;phpfui/phpfui - dev-dependabot/composer/fortawesome/font-awesome-tw-6;phpfui/phpfui - V6.0.30;wizad/apiblueprint-bundle - no_fix;vufind/vufind - dev-release-5.0;bmatzner/foundation-bundle - no_fix;bmatzner/foundation-bundle - 3.2.3;subugoe/germaniasacra - 0.0.1;subugoe/germaniasacra - no_fix;symbiote-library/silverstripe-minimalist-theme - 1.0.1;symbiote-library/silverstripe-minimalist-theme - 1.0.0;vespula/slim-skeleton - 1.0.0;babaganoush/foundation-bundle - no_fix;ibexa/experience-skeleton - v3.3.3;atlantis-labs/atlantis3 - no_fix;components/foundation - 5.0.2;a4fteam/admpanel - no_fix;linchpinstudios/yii2-foundation - no_fix;avantassel/avt-api-docs - no_fix;designs2/foundation-to-contao - no_fix;designs2/foundation-to-contao - ftc;atlantis-labs/atlantis3_5 - no_fix;atlantis-labs/atlantis3_5 - v0.0.1;atlantis-labs/atlantis4 - 0.1;romm/formz-example - 0.2.0;vrkansagara/code-igniterskeletolapplication - dev-master;bardis/cms-symfony2 - no_fix;ibexa/content-skeleton - v3.3.3;ibexa/commerce-skeleton - v3.3.3;lyon1/pooble-bundle - no_fix;contentinum/content-managment-5 - no_fix;contentinum/content-managment - no_fix;prezire/coldigniter-toolkit - 1.0.5;org.webjars.bower:foundation-datepicker:no_fix

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): LOW
Availability (A): LOW

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (AU): SINGLE
Confidentiality (C): NONE
Integrity (I): PARTIAL
Availability (A): PARTIAL
Additional information:

Do you need more information?

Contact Us