.. / CVE-2023-6786

Exploit for Payment Gateway for Telcell < 2.0.4 - Open Redirect (CVE-2023-6786)

Description:

The plugin does not validate the api_url parameter before redirecting the user to its value, leading to an Open Redirect issue

Nuclei Template

View the template here CVE-2023-6786.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-6786.yaml
Copy

References:

https://wpscan.com/vulnerability/f3e64947-3138-4ec4-86c4-27b5d6a5c9c2/
https://nvd.nist.gov/vuln/detail/CVE-2023-6786