The web application sends a redirect to another location, but instead of exiting, it executes additional code.
This weakness could affect the control flow of the application and allow execution of untrusted code.
This issue might not be detected if testing is performed using a web browser, because the browser might obey the redirect and move the user to a different page before the application has produced outputs that indicate something is amiss.
CVE-2013-1402Execution-after-redirect allows access to application configuration details.
CVE-2009-1936chain: library file sends a redirect if it is directly requested but continues to execute, allowing remote file inclusion and path traversal.
CVE-2007-2713Remote attackers can obtain access to administrator functionality through EAR.
CVE-2007-4932Remote attackers can obtain access to administrator functionality through EAR.
CVE-2007-5578Bypass of authentication step through EAR.