Authored by Nakul Ratti, Soham Bakore

b2evolution CMS version 6.11.6 suffers from an open redirection vulnerability.

advisories | CVE-2020-22840

# Exploit Title: *Open redirect in b2evolution CMS 6.11.6 redirect_to
parameter in email_passthrough.php*
# Google Dork: N/A
# Date: 10/02/2021
# Exploit Author: Soham Bakore, Nakul Ratti
# Vendor Homepage:
# Software Link:
# Version: 6.11.6
# Tested on: latest version of Chrome, Firefox on Windows and Linux
# CVE : *CVE-2020-22840*

Vulnerable File:
http://host/htsrv/email_passthrough.php <http://host/evoadm.php>

Vulnerable Issue:
redirect_to parameter has no input validation/domain whitelisting.

--------------------------Proof of Concept-----------------------
Steps to Reproduce:

1. Send the following link :
the unsuspecting user
2. The user will be redirected to or any other attacker
controlled domain
3. This can be used to perform malicious phishing campaigns on unsuspecting