OrangeForum 1.4.0 Open Redirection
- Date Published:2019-01-11
- Last Updated:2019-01-11
- Version Affected: OrangeForum 1.4.0
- CVE: CVE-2018-14474 | 106442
The views/auth.go file in Orange Forum version 1.4.0 has an open redirection vulnerability. Attackers can exploit this vulnerability by sending 'next' parameters to /login or /signup to redirect users to any website.
The vendor has issued an update to fix the bug, which can be found at https://github.com/s-gv/orangeforum