
CVE-2008-4104: Joomla! Open Redirect vulnerability

CVSS Score: 5.8

Basic Information

EPSS Score: 0.00576%
Published: 5/2/2022
Updated: 2/19/2024
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector (v2): AV:N/AC:M/Au:N/C:N/I:P/A:P

Package Name     | Ecosystem | Vulnerable Versions | First Patched Version
joomla/framework | composer  | >= 1.5.0, < 1.5.7   | 1.5.7

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The vulnerability description points to missing validation of a caller-supplied URL in redirect handling, which is exactly the CWE-601 pattern (URL redirection to an untrusted site). Joomla's framework performs HTTP redirection through JResponse::redirect. Before 1.5.7 that function did not check where the supplied URL pointed, so a value injected through a request parameter such as 'return' could send the user to an arbitrary external site at the end of a legitimate-looking action such as logging in, which is the phishing scenario the advisory describes. The reference to a "passed in" URL matches this function's role as the sink for redirect targets. The 1.5.7 fix most likely added a JURI::isInternal() check, which compares the target's scheme, host, port and path against the site's own base URL and rejects anything that does not resolve inside it. That is the check to look for when confirming the patch; a plain string-prefix comparison or a check on the host name alone is not sufficient, because scheme-relative targets ("//evil.example") and lookalike hosts ("example.org.evil.example") pass such tests, and any site-specific redirect code that bypasses the check reintroduces the same bug.
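As an added example (not code from this page or from the Joomla project), the pattern the analysis describes, written in PHP: a redirect handler that trusts a 'return' parameter as-is, beside a hardened version that applies a check modelled on the intent of JURI::isInternal(). The site base, the function names and the sample inputs are assumptions made for the illustration, and the hardened check goes beyond the page's one-line description in also refusing scheme-relative, backslash and dot-segment bypasses that a naive internal-URL test lets through.

```php
<?php
// Added example; not Joomla's code. A "return"-parameter redirect handler in
// its vulnerable form next to a hardened form that applies a
// JURI::isInternal()-style check. SITE_BASE, the function names and the
// sample inputs are assumptions made for this illustration.

const SITE_BASE = 'https://shop.example.org/joomla/';   // assumed installation root

// Vulnerable form: whatever the client passes in 'return' becomes the Location header.
function redirect_target_vulnerable(string $return): string
{
    return $return;
}

// Collapse "." and ".." segments (after one round of percent-decoding) so that
// "/joomla/../admin/" is compared as "/admin/" rather than as a string that
// happens to start with the base path.
function normalize_path(string $path): string
{
    $segments = [];
    foreach (explode('/', rawurldecode($path)) as $seg) {
        if ($seg === '..') {
            array_pop($segments);
        } elseif ($seg !== '.' && $seg !== '') {
            $segments[] = $seg;
        }
    }
    $dir = ($segments && preg_match('#/\.{0,2}$#', $path)) ? '/' : '';
    return '/' . implode('/', $segments) . $dir;
}

// Return the canonical absolute URL if $url resolves to a page under $base,
// otherwise null. Mirrors the intent of JURI::isInternal(): an absolute or
// scheme-relative URL must match the base scheme, host and port, and the
// resolved path must sit under the base path.
function resolve_internal(string $url, string $base = SITE_BASE): ?string
{
    // Browsers strip leading whitespace and treat '\' like '/' in http(s) URLs,
    // so " //evil.example" or "/\evil.example" would escape a naive check. Refuse them.
    if ($url === '' || preg_match('/[\x00-\x20\x7F\\\\]/', $url)) {
        return null;
    }
    $b = parse_url($base);
    $basePath = rtrim($b['path'] ?? '/', '/') . '/';
    $p = parse_url($url);
    if ($p === false) {
        return null;
    }
    if (isset($p['host'])) {
        // "https://...", "http://..." and "//host/..." all land here.
        $scheme = strtolower($p['scheme'] ?? $b['scheme']);
        if ($scheme !== strtolower($b['scheme'])
            || strtolower($p['host']) !== strtolower($b['host'])
            || ($p['port'] ?? null) !== ($b['port'] ?? null)) {
            return null;   // different origin, including an https -> http downgrade
        }
        $path = $p['path'] ?? '/';
    } elseif (isset($p['scheme'])) {
        return null;       // "javascript:", "data:", "mailto:" and friends
    } else {
        $path = $p['path'] ?? '';
        if ($path === '' || $path[0] !== '/') {
            $path = $basePath . $path;   // resolve "index.php?..." against the base
        }
    }
    $path = normalize_path($path);
    if (strpos($path, $basePath) !== 0) {
        return null;       // same host, but outside the Joomla installation
    }
    $origin = $b['scheme'] . '://' . $b['host'] . (isset($b['port']) ? ':' . $b['port'] : '');
    return $origin . $path
        . (isset($p['query']) ? '?' . $p['query'] : '')
        . (isset($p['fragment']) ? '#' . $p['fragment'] : '');
}

// Hardened form: an external or malformed target falls back to the site root.
function redirect_target_hardened(string $return): string
{
    return resolve_internal($return) ?? SITE_BASE;
}

// Constructed sample 'return' values: legitimate ones and the usual bypass attempts.
$samples = [
    'index.php?option=com_users&view=profile',
    '/joomla/index.php?option=com_content',
    'https://shop.example.org/joomla/index.php',
    'http://shop.example.org/joomla/index.php',   // scheme downgrade
    'https://evil.example/phish',
    '//evil.example/phish',                       // scheme-relative
    'https://shop.example.org.evil.example/',     // host suffix trick
    '/\\evil.example',                            // backslash normalised by browsers
    '/joomla/../admin/',                          // dot-segment escape
    'javascript:alert(1)',
];
foreach ($samples as $s) {
    printf("%-45s vulnerable -> %s\n%45s hardened   -> %s\n\n",
        $s, redirect_target_vulnerable($s), '', redirect_target_hardened($s));
}
```

Run it with `php` on the command line: the first three inputs survive the hardened path unchanged (canonicalised to an absolute URL), every other one is replaced by SITE_BASE. Falling back to the site root rather than raising an error is a deliberate choice here, since a user who followed a tampered link should still land somewhere sensible; the check itself is the part that matters, and it belongs in the shared redirect sink, not in each component that reads 'return'.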


WAF Protection Rules

WAF Rule

Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a "passed in" URL.
