Open Redirect Vulnerability in BTITeam XBTIT 2.5.4: Account_change.php returnto Parameter

Open Redirect Vulnerability in BTITeam XBTIT 2.5.4: Account_change.php returnto Parameter

CVE-2018-17870 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:N

An issue was discovered in BTITeam XBTIT 2.5.4. The "returnto" parameter of account_change.php is vulnerable to an open redirect, a different vulnerability than CVE-2018-15683.

Learn more about our Web Application Penetration Testing UK.