This issue may be exploited by tricking the user to navigate to a malicious page. In the example below we can see how to exploit the vulnerability. The red arrow points to the location where the user is redirected if they follow the malicious link. The user is redirected to the /csms/admin/ page, which then loads the /csms/submit.php component. The component /csms/admin/ allows users to create a new account. An attacker could manipulate this component by entering a malicious link. The user is then redirected to the component /csms/admin/?page=user/list and manipulated to enter a malicious link. A malicious link could appear as below. The user is then redirected to the component /csms/admin/?page=user/list and manipulated to enter a malicious link. An attacker could, for example, trick the user to click on a link that directs to a fake login page. The user is then manipulated to enter a password or passphrase that could be used to access the affected system.
How to exploit the vulnerability?
An attacker could exploit this vulnerability by tricking the user to navigate to a malicious page.
How do I detect if my site is vulnerable?
It is possible to use the following steps to determine if your site is vulnerable.
1. Request a list of links on your website.
2. Request that all links return 404 errors, except for one link which returns a 302 redirect to https://www.google.com/.
3. If this 302 redirect does not return any error message, it is likely that you are vulnerable to CVE-2022-3546 and should implement a fix as soon as possible!
Timeline
Published on: 10/17/2022 12:15:00 UTC
Last modified on: 10/19/2022 04:26:00 UTC