7 matches found
GHSA-WXFG-253G-M7R4 Drupal core Open Redirect vulnerability
Drupal 7 has an Open Redirect vulnerability. For example, a user could be tricked into visiting a specially crafted link which would redirect them to an arbitrary external URL. The vulnerability is caused by insufficient validation of the destination query parameter in the drupal_goto function...
Drupal core Open Redirect vulnerability
Drupal 7 has an Open Redirect vulnerability. For example, a user could be tricked into visiting a specially crafted link which would redirect them to an arbitrary external URL. The vulnerability is caused by insufficient validation of the destination query parameter in the drupal_goto function...
Drupal Open redirect vulnerability in the drupal_goto function
Open redirect vulnerability in the drupal_goto function in Drupal 6.x before 6.38, when used with PHP before 5.4.7, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a double-encoded URL in the "destination" parameter...
GHSA-GXWX-C7M8-F95H Drupal Open redirect vulnerability in the drupal_goto function
Open redirect vulnerability in the drupal_goto function in Drupal 6.x before 6.38, when used with PHP before 5.4.7, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a double-encoded URL in the "destination" parameter...
Drupal 6.15, 5.21 (API function drupal_goto) Open Redirect Vulnerability
Exploit for unknown platform in category web applications. Drupal 6.15, 5.21 API function drupal_goto Open Redirection Vulnerability. Open redirecti...
CVE-2007-5595
CRLF injection vulnerability in the drupal_goto function in includes/common.inc in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors...
CVE-2007-5595
Drupal 4.7.x before 4.7.8 and 5.x before 5.3 contains a CRLF injection vulnerability in the drupal_goto function (includes/common.inc). Remote attackers can inject arbitrary HTTP headers and perform HTTP response splitting via unspecified vectors. Public references describe fixes upgrading to Dru...