CVE-2016-9451

CWE-601Open Redirect8 documents5 sources
Severity
6.8MEDIUM
EPSS
0.1%
top 69.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Drupal CoreDrupal Drupal
Timeline
PublishedNov 25
Latest updateMay 17

Description

Confirmation forms in Drupal 7.x before 7.52 make it easier for remote authenticated users to conduct open redirect attacks via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:NExploitability: 2.3 | Impact: 4.0

Affected Packages2 packages

Packagistdrupal/core7.07.52+1
NVDdrupal/drupal41 versions+40

Patches

Patch: www.drupal.orgPatch: www.drupal.org

🔴Vulnerability Details

4
OSV
Drupal Open Redirect2022-05-17
GHSA
Drupal Open Redirect2022-05-17
CVEList
CVE-2016-9451: Confirmation forms in Drupal 72016-11-25
OSV
CVE-2016-9451: Confirmation forms in Drupal 72016-11-25

💬Community

3
Bugzilla
CVE-2016-9449 CVE-2016-9450 CVE-2016-9451 CVE-2016-9452 drupal: Multiple vulnerabilities fixed in 7.522016-11-18
Bugzilla
CVE-2016-9449 CVE-2016-9450 CVE-2016-9451 CVE-2016-9452 drupal7: drupal: Multiple vulnerabilities fixed in 7.52 [epel-all]2016-11-18
Bugzilla
CVE-2016-9449 CVE-2016-9450 CVE-2016-9451 CVE-2016-9452 drupal7: drupal: Multiple vulnerabilities fixed in 7.52 [fedora-all]2016-11-18
CVE-2016-9451 (MEDIUM CVSS 6.8) | Confirmation forms in Drupal 7.x be | cvebase.io