ByteOS Network

NVD Vulnerability Details :

CVE-2009-4788

Deferred

Source-cve@mitre.org

Published At-21 Apr, 2010 | 14:30

Updated At-11 Apr, 2025 | 00:51

Multiple open redirect vulnerabilities in Pligg 1.0.2 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the (1) return parameter to pligg/login.php and the (2) HTTP Referer header to user_settings.php.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N

CPE Matches

pligg>>pligg_cms>>Versions up to 1.0.2(inclusive)

cpe:2.3:a:pligg:pligg_cms:*:*:*:*:*:*:*:*

pligg>>pligg_cms>>1.0.0

cpe:2.3:a:pligg:pligg_cms:1.0.0:*:*:*:*:*:*:*

pligg>>pligg_cms>>1.0.0

cpe:2.3:a:pligg:pligg_cms:1.0.0:rc1:*:*:*:*:*:*

pligg>>pligg_cms>>1.0.0

cpe:2.3:a:pligg:pligg_cms:1.0.0:rc2:*:*:*:*:*:*

pligg>>pligg_cms>>1.0.0

cpe:2.3:a:pligg:pligg_cms:1.0.0:rc3:*:*:*:*:*:*

pligg>>pligg_cms>>1.0.0

cpe:2.3:a:pligg:pligg_cms:1.0.0:rc4:*:*:*:*:*:*

pligg>>pligg_cms>>1.0.0

cpe:2.3:a:pligg:pligg_cms:1.0.0:rc5:*:*:*:*:*:*

pligg>>pligg_cms>>1.0.1

cpe:2.3:a:pligg:pligg_cms:1.0.1:*:*:*:*:*:*:*

pligg>>pligg_cms>>9.5

cpe:2.3:a:pligg:pligg_cms:9.5:*:*:*:*:*:*:*

pligg>>pligg_cms>>9.9

cpe:2.3:a:pligg:pligg_cms:9.9:*:*:*:*:*:*:*

pligg>>pligg_cms>>9.9.0

cpe:2.3:a:pligg:pligg_cms:9.9.0:*:*:*:*:*:*:*

pligg>>pligg_cms>>9.9.0

cpe:2.3:a:pligg:pligg_cms:9.9.0:beta:*:*:*:*:*:*

pligg>>pligg_cms>>9.9.5

cpe:2.3:a:pligg:pligg_cms:9.9.5:*:*:*:*:*:*:*

pligg>>pligg_cms>>9.9.5

cpe:2.3:a:pligg:pligg_cms:9.9.5:beta:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-20	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
http://holisticinfosec.org/content/view/130/45/	cve@mitre.org	N/A
http://secunia.com/advisories/37349	cve@mitre.org	Vendor Advisory
http://www.pligg.com/blog/775/pligg-cms-1-0-3-release/	cve@mitre.org	Patch
http://holisticinfosec.org/content/view/130/45/	af854a3a-2127-422b-91ae-364da2661108	N/A
http://secunia.com/advisories/37349	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
http://www.pligg.com/blog/775/pligg-cms-1-0-3-release/	af854a3a-2127-422b-91ae-364da2661108	Patch

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History