6.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-36665

GHSA ID

GHSA-w2x5-hpmg-j98h

EPSS Score

0.15121%

CWE

CWE-601

Published

7/6/2023

Updated

10/20/2023

KEV Status

Technology

PHP

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2020-36665

CVE-2020-36665: Artesãos SEOTools Open Redirect vulnerability

A vulnerability was found in Artesãos SEOTools up to and including version 0.17.1. This issue affects the function eachValue of the file TwitterCards.php. The manipulation of the argument value leads to open redirect. Upgrading to version 0.17.2 is able to address this issue. The name of the patch is ca27cd0edf917e0bc805227013859b8b5a1f01fb. It is recommended to upgrade the affected component. The identifier VDB-222233 was assigned to this vulnerability.

(GitHub Advisory)

6.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-36665

GHSA ID

GHSA-w2x5-hpmg-j98h

EPSS Score

0.15121%

CWE

CWE-601

Published

7/6/2023

Updated

10/20/2023

KEV Status

Technology

PHP

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
artesaos/seotools	composer	< 0.17.2	0.17.2

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The CVE explicitly identifies the eachValue function in TwitterCards.php as the affected component. The commit diff shows the vulnerability stemmed from unsanitized 'value' parameters in makeTag, which is called by eachValue. While eachValue is the entry point for processing user input, makeTag is where the lack of sanitization directly enabled the open redirect. Both functions are critical to the exploit chain. The patches in SEOMeta.php and OpenGraph.php address similar vulnerabilities but are not explicitly cited in the CVE description.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

* vuln*r**ility w*s *oun* in *rt*sãos S*OTools up to *n* in*lu*in* v*rsion *.**.*. T*is issu* *****ts t** *un*tion ****V*lu* o* t** *il* Twitt*r**r*s.p*p. T** m*nipul*tion o* t** *r*um*nt v*lu* l***s to op*n r**ir**t. Up*r**in* to v*rsion *.**.* is *

Reasoning

T** *V* *xpli*itly i**nti*i*s t** `****V*lu*` *un*tion in `Twitt*r**r*s.p*p` *s t** *****t** *ompon*nt. T** *ommit *i** s*ows t** vuln*r**ility st*mm** *rom uns*nitiz** 'v*lu*' p*r*m*t*rs in `m*k*T**`, w*i** is **ll** *y `****V*lu*`. W*il* `****V*lu*

6.1

Basic Information

Concerned about an active attack path?

CVE-2020-36665: Artesãos SEOTools Open Redirect vulnerability

6.1

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI