2020-08-26 10:04
CVE-2020-5541
CyberSolutions CyberMail Pre-Auth Open Redirect
Current Description
An open redirect vulnerability, affecting all browsers, exists in CyberMail version 5 or later; it redirects users to a malicious site without authentication.
This vulnerability affects many mail systems of governments, organizations, companies and universities.
Details
The injection point is the ACTION parameter in "/cgi-bin/go".
We execute arbitrary code via the ACTION parameter without authentication.
Description
It could allow an unauthenticated, remote attacker to redirect a user to a malicious web page.
Affected files
http://`[Target Domain]`/cgi-bin/go
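To review web server logs for requests that reach this endpoint with an off-site target, the following added example (not code from this advisory or from CyberSolutions) flags requests to /cgi-bin/go whose ACTION value resolves to a host other than the mail server's own. It assumes the redirect target appears in ACTION as an absolute or scheme-relative URL, which the advisory does not state; the log lines, host names and function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log lines; addresses, hosts and ACTION values are placeholders.
SAMPLE_LOG = """\
198.51.100.7 - - [26/Aug/2020:10:04:01 +0800] "GET /cgi-bin/go?ACTION=https%3A%2F%2Fexternal.example%2Flogin HTTP/1.1" 302 0
198.51.100.8 - - [26/Aug/2020:10:04:09 +0800] "GET /cgi-bin/go?ACTION=inbox HTTP/1.1" 200 512
198.51.100.9 - - [26/Aug/2020:10:05:13 +0800] "GET /cgi-bin/go?action=%252F%252Fother.example%252Fowa HTTP/1.1" 302 0
198.51.100.8 - - [26/Aug/2020:10:06:40 +0800] "GET /cgi-bin/go?ACTION=https://mail.example.org/start HTTP/1.1" 302 0
198.51.100.7 - - [26/Aug/2020:10:07:02 +0800] "GET /index.html?ACTION=https://external.example/ HTTP/1.1" 200 90
"""

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def external_target(value, own_hosts):
    """Return the foreign host an ACTION value points to, or None (assumes a URL-valued ACTION)."""
    for _ in range(3):  # undo nested percent-encoding before inspecting the value
        value = unquote(value)
    if value.startswith("//"):  # scheme-relative URL: the browser supplies the scheme
        value = "http:" + value
    try:
        parts = urlsplit(value)
    except ValueError:  # malformed authority, e.g. unbalanced IPv6 brackets
        return None
    if parts.scheme.lower() not in ("http", "https") or not parts.hostname:
        return None
    return None if parts.hostname in own_hosts else parts.hostname

def find_redirect_attempts(log_text, own_hosts):
    """Return (client_ip, target_host) for each /cgi-bin/go request aimed off-site."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        target = urlsplit(match.group(1)) if match else None
        if target is None or target.path != "/cgi-bin/go":
            continue
        for name, values in parse_qs(target.query, keep_blank_values=True).items():
            if name.upper() != "ACTION":  # assumption: match the name case-insensitively
                continue
            for value in values:
                host = external_target(value, own_hosts)
                if host:
                    hits.append((line.split()[0], host))
    return hits

if __name__ == "__main__":
    print(find_redirect_attempts(SAMPLE_LOG, {"mail.example.org"}))
```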
Contributor
- Tony Kuo (CHT Security)