CVE-2020-36665: 
PHP vulnerability analysis and mitigation

A critical vulnerability (CVE-2020-36665) was discovered in Artesãos SEOTools versions up to 0.17.1. The vulnerability affects the eachValue function in the TwitterCards.php file, where improper input validation could lead to an open redirect attack. The issue was disclosed and patched in version 0.17.2 (GitHub Release).

The vulnerability is classified as CWE-601 (URL Redirection to Untrusted Site). The issue stems from insufficient validation of user input in the eachValue function of TwitterCards.php, as well as similar issues in OpenGraph.php and SEOMeta.php components. The CVSS v3.1 base score is 6.1 (MEDIUM) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (NVD).

If exploited, this vulnerability allows an attacker to manipulate argument values to perform open redirect attacks. This could potentially lead to phishing attacks by redirecting users to malicious websites while appearing to come from a trusted source (NVD).

The vulnerability was fixed in version 0.17.2 of Artesãos SEOTools. The patch implements proper input sanitization by removing potentially dangerous strings like 'http-equiv=' and 'url=' from user input. Users are recommended to upgrade to version 0.17.2 or later to address this security issue (GitHub Release).