CVE-2024-37658

MEDIUM EPSS 13.6%

Published Jul 7, 202511mo ago · Modified Jun 17, 20261w ago

6.1 CVSS 3.1

Medium

Published Jul 7, 2025 11mo ago

Last Modified Jun 17, 2026 1w ago

Description

An open redirect vulnerability in gnuboard5 v.5.5.16 allows a remote attacker to obtain sensitive information via the bbs/member_confirm.php.

Base Score

6.1

Exploitability

2.8

Impact

2.7

Vector string

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction Required

Scope Changed

Confidentiality Low

Integrity Low

Availability None

EPSS Exploit Probability

13.6% percentile

Exploit & Patch Status

Public Exploit Known

Patch Available

CWE-601

Vendor	Product	Version	Range
sir	gnuboard	5.5.16	any

github.com https://github.com/gnuboard/gnuboard5/issues/319

ExploitIssue TrackingVendor Advisory
sir.kr https://sir.kr/g5_pds/7205

Patch