Home > Vulnerability Database > CVE-2024-31213

Mend.io Vulnerability Database

CVE-2024-31213

Good to know:

Date: April 5, 2024

InstantCMS is a free and open source content management system. An open redirect was found in the ICMS2 application version 2.16.2 when being redirected after modifying one's own user profile. An attacker could trick a victim into visiting their web application, thinking they are still present on the ICMS2 application. They could then host a website stating "To update your profile, please enter your password," upon which the user may type their password and send it to the attacker. As of time of publication, a patched version is not available.

Language: PHP

Severity Score

3.5

Related Resources (3)

Url: https://github.com/instantsoft/icms2/security/advisories/GHSA-6v3c-p92q-prfq

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-31213

Url: https://www.mend.io/vulnerability-database/CVE-2024-31213

Severity Score

3.5

Weakness Type (CWE)

URL Redirection to Untrusted Site ('Open Redirect')

CWE-601

Top Fix

Upgrade Version

Upgrade to version 2.16.3

Learn More

CVSS v3.1

Base Score:	3.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-31213

Good to know:

Date: April 5, 2024

Language: PHP

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?