logo

Database

Uncontrolled external site redirect In drupal/drupal

Description

Drupal Open redirect vulnerability in the drupal_goto function Open redirect vulnerability in the drupal_goto function in Drupal 6.x before 6.38, when used with PHP before 5.4.7, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a double-encoded URL in the "destination" parameter.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2016-31672. NVD-2016-31673. OSV-2016-31674. GCVE-2016-3167

References

1. https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-3167.yaml2. https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-3167.yaml3. https://www.drupal.org/SA-CORE-2016-0014. http://www.debian.org/security/2016/dsa-34985. http://www.openwall.com/lists/oss-security/2016/02/24/196. http://www.openwall.com/lists/oss-security/2016/03/15/10

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.