CVEs-PoC/2020/CVE-2020-13565.md

### [CVE-2020-13565](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13565)
![](https://img.shields.io/static/v1?label=Product&message=phpGACL&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-601%3A%20URL%20Redirection%20to%20Untrusted%20Site%20('Open%20Redirect')&color=brighgreen)

### Description

An open redirect vulnerability exists in the return_page redirection functionality of phpGACL 3.3.7, OpenEMR 5.0.2 and OpenEMR development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce). A specially crafted HTTP request can redirect users to an arbitrary URL. An attacker can provide a crafted URL to trigger this vulnerability.

### POC

#### Reference
- https://talosintelligence.com/vulnerability_reports/TALOS-2020-1178

#### Github
- https://github.com/Live-Hack-CVE/CVE-2020-13565