Common Weakness Enumeration

CWE-698

Allowed

Execution After Redirect (EAR)

Abstraction: Base · Status: Incomplete

The web application sends a redirect to another location, but instead of exiting, it executes additional code.

31 vulnerabilities reference this CWE, most recent first.

GHSA-8MQV-CX74-94CC

Vulnerability from github – Published: 2024-03-18 00:30 – Updated: 2024-03-18 00:30
VLAI
Details

A vulnerability was found in SourceCodester Employee Task Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin-manage-user.php. The manipulation leads to execution after redirect. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257072.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-2569"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-698"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-18T00:15:07Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability was found in SourceCodester Employee Task Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin-manage-user.php. The manipulation leads to execution after redirect. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257072.",
  "id": "GHSA-8mqv-cx74-94cc",
  "modified": "2024-03-18T00:30:44Z",
  "published": "2024-03-18T00:30:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2569"
    },
    {
      "type": "WEB",
      "url": "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Employee%20Task%20Management%20System/Execution%20After%20Redirect%20-%20admin-manage-user.php.md"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.257072"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.257072"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H629-98WC-662F

Vulnerability from github – Published: 2025-09-10 18:30 – Updated: 2025-09-10 18:30
VLAI
Details

A security vulnerability has been detected in ScriptAndTools Real Estate Management System 1.0. The affected element is an unknown function of the file /admin/userlist.php. Such manipulation leads to execution after redirect. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-9848"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-698"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-03T02:15:38Z",
    "severity": "MODERATE"
  },
  "details": "A security vulnerability has been detected in ScriptAndTools Real Estate Management System 1.0. The affected element is an unknown function of the file /admin/userlist.php. Such manipulation leads to execution after redirect. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.",
  "id": "GHSA-h629-98wc-662f",
  "modified": "2025-09-10T18:30:14Z",
  "published": "2025-09-10T18:30:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9848"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.322197"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.322197"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.641980"
    },
    {
      "type": "WEB",
      "url": "https://www.websecurityinsights.my.id/2025/08/real-estate-management-system-v-10-user.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-H96F-QXW6-VQ8X

Vulnerability from github – Published: 2025-05-13 18:30 – Updated: 2025-05-13 18:30
VLAI
Details

NetAlertX 24.7.18 before 24.10.12 allows unauthenticated file reading because an HTTP client can ignore a redirect, and because of factors related to strpos and directory traversal, as exploited in the wild in May 2025. This is related to components/logs.php.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-48766"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22",
      "CWE-698"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-13T16:15:23Z",
    "severity": "HIGH"
  },
  "details": "NetAlertX 24.7.18 before 24.10.12 allows unauthenticated file reading because an HTTP client can ignore a redirect, and because of factors related to strpos and directory traversal, as exploited in the wild in May 2025. This is related to components/logs.php.",
  "id": "GHSA-h96f-qxw6-vq8x",
  "modified": "2025-05-13T18:30:52Z",
  "published": "2025-05-13T18:30:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48766"
    },
    {
      "type": "WEB",
      "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/scanner/http/netalertx_file_read.rb"
    },
    {
      "type": "WEB",
      "url": "https://rhinosecuritylabs.com/research/cve-2024-46506-rce-in-netalertx"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HFMH-9X76-2Q2H

Vulnerability from github – Published: 2026-02-10 15:30 – Updated: 2026-06-05 15:32
VLAI
Details

Execution After Redirect (EAR) vulnerability in Sarman Soft Software and Technology Services Industry and Trade Ltd. Co. CMS allows JSON Hijacking (aka JavaScript Hijacking), Authentication Bypass.This issue affects CMS: through 10022026.

NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-6967"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-698"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-10T14:16:09Z",
    "severity": "HIGH"
  },
  "details": "Execution After Redirect (EAR) vulnerability in Sarman Soft Software and Technology Services Industry and Trade Ltd. Co. CMS allows JSON Hijacking (aka JavaScript Hijacking), Authentication Bypass.This issue affects CMS: through 10022026.\n\nNOTE: The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-hfmh-9x76-2q2h",
  "modified": "2026-06-05T15:32:07Z",
  "published": "2026-02-10T15:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6967"
    },
    {
      "type": "WEB",
      "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0050"
    },
    {
      "type": "WEB",
      "url": "https://www.usom.gov.tr/bildirim/tr-26-0050"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HQ42-5RXW-2578

Vulnerability from github – Published: 2026-02-27 00:31 – Updated: 2026-02-27 00:31
VLAI
Details

A vulnerability has been found in go2ismail Asp.Net-Core-Inventory-Order-Management-System up to 9.20250118. Affected is an unknown function of the component Administrative Interface. Such manipulation leads to execution after redirect. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-3262"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-698"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-26T22:20:51Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability has been found in go2ismail Asp.Net-Core-Inventory-Order-Management-System up to 9.20250118. Affected is an unknown function of the component Administrative Interface. Such manipulation leads to execution after redirect. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-hq42-5rxw-2578",
  "modified": "2026-02-27T00:31:45Z",
  "published": "2026-02-27T00:31:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3262"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Ghufran2/CVE-Asp.Net-Core-Inventory-Order-Management-System-Advisories/blob/main/Asp.Net-Core-Inventory-Order-Management-System%20Privilege%20Escalation%20via%20Client-Side%20Redirect%20Bypass.md"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.347985"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.347985"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.758333"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-JQG2-VWG3-WVHV

Vulnerability from github – Published: 2026-02-27 00:31 – Updated: 2026-02-27 00:31
VLAI
Details

A vulnerability was determined in go2ismail Free-CRM up to b83c40a90726d5e58f0cc680ffdcaa28a03fb5d1. Affected by this issue is some unknown functionality of the component Administrative Interface. Executing a manipulation can lead to execution after redirect. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-3264"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-698"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-26T23:16:37Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was determined in go2ismail Free-CRM up to b83c40a90726d5e58f0cc680ffdcaa28a03fb5d1. Affected by this issue is some unknown functionality of the component Administrative Interface. Executing a manipulation can lead to execution after redirect. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-jqg2-vwg3-wvhv",
  "modified": "2026-02-27T00:31:45Z",
  "published": "2026-02-27T00:31:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3264"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Ghufran2/CVE-Free-CRM-Advisories/blob/main/Free-CRM%20Privilege%20Escalation%20via%20Client-Side%20Redirect%20Authorization%20Bypass.md"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.347987"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.347987"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.758337"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-M6QM-X65X-R3HH

Vulnerability from github – Published: 2024-03-19 12:30 – Updated: 2024-03-19 15:30
VLAI
Details

A vulnerability has been discovered in Cegid Meta4 HR that consists of execution after redirect. This vulnerability could allow an attacker to bypass the security measures of the applications by accessing the webappconfig.jsp file directly and canceling the redirect request, leading to the configuration file inside the application, in which an attacker could modify different parameters.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-2635"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-698"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-19T12:15:09Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability has been discovered in Cegid Meta4 HR that consists of execution after redirect. This vulnerability could allow an attacker to bypass the security measures of the applications by accessing the webappconfig.jsp file directly and canceling the redirect request, leading to the configuration file inside the application, in which an attacker could modify different parameters. ",
  "id": "GHSA-m6qm-x65x-r3hh",
  "modified": "2024-03-19T15:30:32Z",
  "published": "2024-03-19T12:30:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2635"
    },
    {
      "type": "WEB",
      "url": "https://www.cegid.com/global/meta4-es-joins-cegid"
    },
    {
      "type": "WEB",
      "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-meta4-hr-cegid"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P4WC-MHJ4-G4GX

Vulnerability from github – Published: 2024-03-18 03:30 – Updated: 2024-03-18 03:30
VLAI
Details

A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /task-details.php. The manipulation leads to execution after redirect. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257075.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-2572"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-698"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-18T01:15:48Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /task-details.php. The manipulation leads to execution after redirect. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257075.",
  "id": "GHSA-p4wc-mhj4-g4gx",
  "modified": "2024-03-18T03:30:32Z",
  "published": "2024-03-18T03:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2572"
    },
    {
      "type": "WEB",
      "url": "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Employee%20Task%20Management%20System/Execution%20After%20Redirect%20-%20task-details.php.md"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.257075"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.257075"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PM9F-6XV8-J2XF

Vulnerability from github – Published: 2024-03-18 03:30 – Updated: 2024-03-18 03:30
VLAI
Details

A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /manage-admin.php. The manipulation leads to execution after redirect. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257074 is the identifier assigned to this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-2571"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-698"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-18T01:15:48Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /manage-admin.php. The manipulation leads to execution after redirect. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257074 is the identifier assigned to this vulnerability.",
  "id": "GHSA-pm9f-6xv8-j2xf",
  "modified": "2024-03-18T03:30:32Z",
  "published": "2024-03-18T03:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2571"
    },
    {
      "type": "WEB",
      "url": "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Employee%20Task%20Management%20System/Execution%20After%20Redirect%20-%20manage-admin.php.md"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.257074"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.257074"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PWRV-JH4G-7CJW

Vulnerability from github – Published: 2024-03-18 03:30 – Updated: 2024-03-18 03:30
VLAI
Details

A vulnerability classified as critical has been found in SourceCodester Employee Task Management System 1.0. Affected is an unknown function of the file /task-info.php. The manipulation leads to execution after redirect. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257076.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-2573"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-698"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-18T01:15:48Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability classified as critical has been found in SourceCodester Employee Task Management System 1.0. Affected is an unknown function of the file /task-info.php. The manipulation leads to execution after redirect. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257076.",
  "id": "GHSA-pwrv-jh4g-7cjw",
  "modified": "2024-03-18T03:30:32Z",
  "published": "2024-03-18T03:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2573"
    },
    {
      "type": "WEB",
      "url": "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Employee%20Task%20Management%20System/Execution%20After%20Redirect%20-%20task-info.php.md"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.257076"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.257076"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.