CVE-2024-24291: n/a in n/a
An issue in the component /member/index/login of yzmcms v7.0 allows attackers to direct users to malicious sites via a crafted URL.
AI Analysis
Technical Summary
CVE-2024-24291 is a medium-severity vulnerability classified under CWE-601 (Open Redirect) affecting the /member/index/login component of yzmcms version 7.0. This vulnerability allows an attacker to craft a malicious URL that, when clicked by a user, redirects the user to an arbitrary external site controlled by the attacker. The vulnerability is exploitable remotely over the network without requiring authentication (AV:N/PR:N), but it does require user interaction (UI:R) since the victim must click the crafted URL. The vulnerability impacts confidentiality and integrity to a limited extent by potentially facilitating phishing attacks or redirecting users to malicious websites that could harvest credentials or deliver malware. The vulnerability does not affect availability. The scope is considered changed (S:C) because the vulnerability affects resources beyond the vulnerable component by redirecting users externally. The CVSS v3.1 base score is 6.1, reflecting a medium severity level. No known exploits in the wild have been reported yet, and no official patches or vendor information are currently available. yzmcms is a content management system (CMS) used primarily in certain web environments, and the affected component is part of the user login process, making it a critical interaction point for users. The lack of vendor and product details limits the ability to fully assess the ecosystem impact, but the vulnerability's nature suggests it could be leveraged in social engineering or phishing campaigns targeting users of the affected CMS.
Potential Impact
For European organizations using yzmcms v7.0, this vulnerability poses a risk primarily through social engineering and phishing attacks. Attackers could exploit the open redirect to trick users into visiting malicious sites that may steal credentials, distribute malware, or conduct further attacks such as drive-by downloads. Organizations in sectors with high user interaction on web portals—such as government services, education, and e-commerce—may be particularly vulnerable. The redirection could undermine user trust and lead to reputational damage. While the direct technical impact on system confidentiality and integrity is limited, the indirect consequences through user compromise could be significant. Additionally, the vulnerability could be chained with other attacks to escalate impact. Given the lack of authentication requirement, any user accessing the vulnerable login page could be targeted, increasing the attack surface. The medium severity rating suggests that while this is not an immediate critical threat, it requires timely attention to prevent exploitation, especially in environments with high-value user data or sensitive transactions.
Mitigation Recommendations
1. Implement strict input validation and sanitization on URL parameters used in the /member/index/login component to ensure that redirect URLs are limited to trusted domains only.
2. Employ a whitelist approach for allowed redirect destinations rather than relying on user-supplied URLs.
3. Add user-facing warnings or confirmation prompts before redirecting to external sites to alert users of potential risks.
4. Monitor web server logs for unusual redirect patterns or spikes in traffic to suspicious external URLs.
5. Educate users about the risks of clicking on unsolicited or suspicious links, particularly those that appear to redirect from trusted sites.
6. If possible, isolate or sandbox the login component to limit the impact of any redirected malicious content.
7. Stay alert for official patches or updates from yzmcms or community sources and apply them promptly once available.
8. Consider deploying web application firewalls (WAFs) with rules to detect and block open redirect attempts targeting this component.
9. Conduct regular security assessments and penetration testing focused on URL redirection and input validation mechanisms within the CMS.
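The allow-list check from recommendations 1 and 2, written out as an added example; this is framework-independent Python, not yzmcms code, and the allowed host names and the default landing path are constructed placeholders. It returns a safe target for the login page's redirect parameter and falls back to a fixed path for anything that is not a same-site path or an allow-listed http(s) host.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed placeholders: hosts this deployment may redirect to, and the
# fallback landing path used whenever the supplied target is not acceptable.
ALLOWED_HOSTS = {"cms.example.com", "www.example.com"}
DEFAULT_TARGET = "/member/index/index"


def safe_redirect_target(raw, allowed_hosts=ALLOWED_HOSTS, default=DEFAULT_TARGET):
    """Return either a same-site relative path or an absolute http(s) URL whose
    host[:port] is on the allow-list; anything else yields `default`.

    The checks cover the forms that slip past naive prefix or substring tests:
    protocol-relative URLs (//host), backslashes (browsers treat them as '/'),
    control characters, non-http schemes, credentials in the authority
    (trusted@evil), and look-alike hosts (trusted.example.evil).
    """
    if not isinstance(raw, str) or not raw.strip():
        return default
    candidate = raw.strip()
    if "\\" in candidate or any(ord(c) < 0x20 for c in candidate):
        return default
    try:
        parts = urlsplit(candidate)
    except ValueError:  # e.g. malformed IPv6 literal
        return default
    # Same-site relative path: exactly one leading '/', never '//host'.
    if not parts.scheme and not parts.netloc:
        if candidate.startswith("/") and not candidate.startswith("//"):
            return candidate
        return default
    # Absolute URL: only http(s), no userinfo, host[:port] must match exactly.
    if parts.scheme.lower() not in ("http", "https"):
        return default
    if parts.username is not None or parts.password is not None:
        return default
    netloc = parts.netloc.lower()
    if netloc not in allowed_hosts:
        return default
    # Rebuild from parsed parts (lower-cased scheme/host, fragment dropped).
    return urlunsplit((parts.scheme.lower(), netloc, parts.path or "/", parts.query, ""))
```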
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2024-01-25T00:00:00.000Z
- CISA Enriched: true
Threat ID: 682d983fc4522896dcbf0d30
Added to database: 5/21/2025, 9:09:19 AM
Last enriched: 6/24/2025, 6:42:44 AM
Last updated: 8/12/2025, 8:14:13 PM
Related Threats
- CVE-2025-8918: Cross Site Scripting in Portabilis i-Educar (Medium)
- CVE-2025-50613: n/a (Unknown)
- CVE-2025-50612: n/a (Unknown)
- CVE-2025-51452: n/a (High)
- CVE-2025-50611: n/a (High)