
CVE-2022-27463: Open redirect in wwbn/avideo

CVSS Score
6.1 (CVSS 3.1)

Basic Information

EPSS Score
0.4125%
Published
4/6/2022
Updated
1/27/2023
KEV Status
No
Technology
PHP

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Package Name: wwbn/avideo
Ecosystem: composer
Vulnerable Versions: <= 11.6
First Patched Version:

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The vulnerability stems from insecure validation of the redirectUri parameter in objects/login.json.php. The original code only checked whether redirectUri started with webSiteRootURL, using a regex (preg_match). A prefix check of this kind can be bypassed with a subdomain trick: a host such as http://legit.example.com.attacker.com begins with the site root yet belongs to the attacker. The patch replaced the prefix check with the isSameDomain() function, which validates that the redirect target belongs to the site's own domain rather than merely starting with its URL. Because the regex-based validation lived in the main script logic (not in a named function), the script's entire redirect handling was affected.
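The following PHP is an added illustration, not AVideo's code: it places a prefix-only check of the kind the analysis describes next to a host comparison in the spirit of isSameDomain(). The function names, the root URL and the sample redirect targets are assumed or constructed for the example.

```php
<?php
// Added example, not AVideo's code: a prefix-only check of the kind the root-cause
// analysis describes, next to a host comparison in the spirit of isSameDomain().
// Function names, the root URL and the sample targets below are assumed/constructed.

// Weak check: does the redirect target merely start with the site root URL?
// A root URL without a trailing slash is assumed here, which is what lets the
// subdomain trick through.
function redirectAllowedByPrefix(string $redirectUri, string $webSiteRootURL): bool
{
    $pattern = '/^' . preg_quote($webSiteRootURL, '/') . '/';
    return preg_match($pattern, $redirectUri) === 1;
}

// Hardened check: parse both URLs and compare the host component, so that
// "legit.example.com.attacker.com" is not mistaken for "legit.example.com".
function redirectAllowedByHost(string $redirectUri, string $webSiteRootURL): bool
{
    $target = parse_url($redirectUri);
    $site   = parse_url($webSiteRootURL);
    if ($target === false || $site === false) {
        return false;
    }
    // Require an absolute http(s) URL with a host; relative paths and other
    // schemes are refused here (allowing relative paths would be a separate policy).
    $scheme = strtolower($target['scheme'] ?? '');
    if (!in_array($scheme, ['http', 'https'], true)) {
        return false;
    }
    if (empty($target['host']) || empty($site['host'])) {
        return false;
    }
    // Hostnames are case-insensitive; compare them whole, never as a prefix.
    return strcasecmp($target['host'], $site['host']) === 0;
}

$webSiteRootURL = 'http://legit.example.com';   // constructed sample root URL
$targets = [
    'http://legit.example.com/video/123',        // same-site target
    'http://legit.example.com.attacker.com/',    // the subdomain trick from the analysis
];
foreach ($targets as $uri) {
    printf("%-42s prefix=%-5s host=%s\n", $uri,
        redirectAllowedByPrefix($uri, $webSiteRootURL) ? 'allow' : 'deny',
        redirectAllowedByHost($uri, $webSiteRootURL) ? 'allow' : 'deny');
}
```

Run with `php` on the command line; the second target is the point of the example, since only the host comparison refuses it.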


WAF Protection Rules

WAF Rule

Open redirect vulnerability in objects/login.json.php in WWBN AVideo through 11.6, allows attackers to arbitrarily redirect users from a crafted url to the login page. A patch is available on the `master` branch of the repository.
