CVE-2016-3167
published 2016-04-12

CVE-2016-3167: Open redirect vulnerability in the drupal_goto function in Drupal 6.x before 6.38, when used with PHP before 5.4.7, allows remote attackers to redirect users…

Priority P427 · high · 7.4 · CVSS 3.0
AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
EPSS: 1.35% (68.1th percentile)
Open redirect vulnerability in the drupal_goto function in Drupal 6.x before 6.38, when used with PHP before 5.4.7, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a double-encoded URL in the "destination" parameter.

Affected

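42 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
|--------|---------|---------------|----------|
| debian | debian_linux | | |
| debian | debian_linux | | |
| drupal | core | >= 6.0 < 6.38 | 6.38 |
| drupal | drupal | | |
| drupal | drupal | | |
| drupal | drupal | | |
| drupal | drupal | | |
| drupal | drupal | | |
| drupal | drupal | | |
| drupal | drupal | | |
| drupal | drupal | | |
| drupal | drupal | | |
| drupal | drupal | | |
| drupal | drupal | | |
| drupal | drupal | | |
| drupal | drupal | | |
| drupal | drupal | | |
| drupal | drupal | | |
| drupal | drupal | | |
| drupal | drupal | | |
| drupal | drupal | | |
| drupal | drupal | | |
| drupal | drupal | | |
| drupal | drupal | | |
| drupal | drupal | | |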

CVSS provenance

nvd  v3.0  7.4  HIGH  CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
nvd  v2.0  6.4  MEDIUM  AV:N/AC:L/Au:N/C:P/I:P/A:N