6.1

CVSS Score

Basic Information

CVE ID

CVE-2020-36663

GHSA ID

GHSA-wjg8-pxqj-c3c7

EPSS Score

CWE

CWE-601

Published

7/6/2023

Updated

10/20/2023

KEV Status

Technology

PHP

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2020-36663

CVE-2020-36663:
Artesãos SEOTools Open Redirect vulnerability

A vulnerability, which was classified as problematic, was found in Artesãos SEOTools up to and including version 0.17.1. This affects the function makeTag of the file OpenGraph.php. The manipulation of the argument value leads to open redirect. Upgrading to version 0.17.2 is able to address this issue. The name of the patch is ca27cd0edf917e0bc805227013859b8b5a1f01fb. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222231.

(GitHub Advisory)

6.1

CVSS Score

Basic Information

CVE ID

CVE-2020-36663

GHSA ID

GHSA-wjg8-pxqj-c3c7

EPSS Score

CWE

CWE-601

Published

7/6/2023

Updated

10/20/2023

KEV Status

Technology

PHP

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
artesaos/seotools	composer	< 0.17.2	0.17.2

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The commit ca27cd0 explicitly adds sanitization (str_replace) to these three functions across multiple files, addressing open redirect vulnerabilities. The vulnerability report specifically cites makeTag in OpenGraph.php, and the patch scope confirms related fixes in TwitterCards.php and SEOMeta.php. The CWE-601 classification and the nature of the fixes (removing redirect-related strings) directly correlate to insufficient input validation in these output-generating functions.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

* vuln*r**ility, w*i** w*s *l*ssi*i** *s pro*l*m*ti*, w*s *oun* in *rt*sãos S*OTools up to *n* in*lu*in* v*rsion *.**.*. T*is *****ts t** *un*tion m*k*T** o* t** *il* Op*n*r*p*.p*p. T** m*nipul*tion o* t** *r*um*nt v*lu* l***s to op*n r**ir**t. Up*r*

Reasoning

T** *ommit ******* *xpli*itly ***s s*nitiz*tion (str_r*pl***) to t**s* t*r** *un*tions **ross multipl* *il*s, ***r*ssin* op*n r**ir**t vuln*r**iliti*s. T** vuln*r**ility r*port sp**i*i**lly *it*s m*k*T** in Op*n*r*p*.p*p, *n* t** p*t** s*op* *on*irms

6.1

Basic Information

Concerned about an active attack path?

CVE-2020-36663: Artesãos SEOTools Open Redirect vulnerability

6.1

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2020-36663:
Artesãos SEOTools Open Redirect vulnerability

Vulnerability Intelligence
Miggo AI