Open redirect vulnerability in the drupal_goto function in Drupal 6.x prior to 6.38, when used with PHP prior to 5.4.7, allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a double-encoded URL in the "destination" parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
drupal drupal 6.36 |
||
drupal drupal 6.35 |
||
drupal drupal 6.34 |
||
drupal drupal 6.33 |
||
drupal drupal 6.20 |
||
drupal drupal 6.2 |
||
drupal drupal 6.19 |
||
drupal drupal 6.18 |
||
drupal drupal 6.0 |
||
drupal drupal 6.6 |
||
drupal drupal 6.4 |
||
drupal drupal 6.32 |
||
drupal drupal 6.30 |
||
drupal drupal 6.29 |
||
drupal drupal 6.24 |
||
drupal drupal 6.22 |
||
drupal drupal 6.16 |
||
drupal drupal 6.14 |
||
drupal drupal 6.37 |
||
drupal drupal 6.9 |
||
drupal drupal 6.8 |
||
drupal drupal 6.28 |
||
drupal drupal 6.27 |
||
drupal drupal 6.26 |
||
drupal drupal 6.25 |
||
drupal drupal 6.13 |
||
drupal drupal 6.12 |
||
drupal drupal 6.11 |
||
drupal drupal 6.10 |
||
drupal drupal 6.1 |
||
drupal drupal 6.7 |
||
drupal drupal 6.5 |
||
drupal drupal 6.31 |
||
drupal drupal 6.3 |
||
drupal drupal 6.23 |
||
drupal drupal 6.21 |
||
drupal drupal 6.17 |
||
drupal drupal 6.15 |
||
debian debian linux 7.0 |
||
debian debian linux 8.0 |