CVE-2016-3167

CWE-601Open Redirect5 documents5 sources
Severity
7.4HIGH
EPSS
0.6%
top 29.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Drupal CoreDrupal DrupalDebian Debian Linux
Timeline
PublishedApr 12
Latest updateMay 17

Description

Open redirect vulnerability in the drupal_goto function in Drupal 6.x before 6.38, when used with PHP before 5.4.7, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a double-encoded URL in the "destination" parameter.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:NExploitability: 2.8 | Impact: 4.0

Affected Packages3 packages

Packagistdrupal/core6.06.38
Packagistdrupal/drupal6.06.38
NVDdrupal/drupal38 versions+37

Also affects: Debian Linux 7.0, 8.0

Patches

Patch: www.drupal.orgPatch: www.drupal.org

🔴Vulnerability Details

3
OSV
Drupal Open redirect vulnerability in the drupal_goto function2022-05-17
GHSA
Drupal Open redirect vulnerability in the drupal_goto function2022-05-17
CVEList
CVE-2016-3167: Open redirect vulnerability in the drupal_goto function in Drupal 62016-04-12

💬Community

1
Bugzilla
CVE-2016-3162 CVE-2016-3163 CVE-2016-3164 CVE-2016-3165 CVE-2016-3166 CVE-2016-3167 CVE-2016-3168 CVE-2016-3169 CVE-2016-3170 CVE-2016-3171 drupal: several issues fixed in 7.43 and 6.38 (SA-CORE-2016-2016-02-26
CVE-2016-3167 (HIGH CVSS 7.4) | Open redirect vulnerability in the | cvebase.io