CRLF injection vulnerability in the drupal_goto function in includes/common.inc Drupal 4.7.x prior to 4.7.8 and 5.x prior to 5.3 allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
drupal drupal |