Description
Open redirect vulnerability in the drupal_goto function in Drupal 6.x before 6.38, when used with PHP before 5.4.7, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a double-encoded URL in the "destination" parameter.
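An added example (not part of the original advisory and not Drupal's code): a log check a defender could run to find requests whose "destination" parameter turns into an off-site URL only after more than one round of percent-decoding, which is the double-encoded case described above. The access-log format, the sample lines, the host names and the `MAX_ROUNDS` cap are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

MAX_ROUNDS = 5  # assumed cap on extra decode passes
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation IP range, placeholder host names).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2016:10:01:02 +0000] "GET /user/login?destination=node%2F12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2016:10:02:40 +0000] "GET /user/login?destination=http%253A%252F%252Fphish.example%252Flogin HTTP/1.1" 302 0',
    '203.0.113.9 - - [01/Jan/2016:10:03:11 +0000] "GET /user/login?destination=admin%252Fcontent HTTP/1.1" 200 4100',
]

def fully_decode(value):
    """Percent-decode until the value stops changing; return (decoded, rounds)."""
    rounds = 0
    while rounds < MAX_ROUNDS:
        nxt = unquote(value)
        if nxt == value:
            break
        value, rounds = nxt, rounds + 1
    return value, rounds

def is_external(target):
    """True if the target names a scheme or host rather than a site-local path."""
    parts = urlsplit(target.strip().replace("\\", "/"))
    return bool(parts.scheme or parts.netloc)

def suspicious_destination(request_target):
    """Return the decoded destination if extra encoding hid an external URL."""
    query = urlsplit(request_target).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        # parse_qsl has already done the single decode a server performs.
        if name != "destination":
            continue
        decoded, extra = fully_decode(value)
        if extra >= 1 and is_external(decoded):
            return decoded
    return None

def scan(lines):
    """Return (request target, decoded destination) for each flagged log line."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        decoded = suspicious_destination(m.group(1)) if m else None
        if decoded:
            hits.append((m.group(1), decoded))
    return hits
```

Calling `scan(SAMPLE_LOG)` flags only the second line; the double-encoded local path in the third line is not reported because it still resolves to a site-local target.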
Remediation
References
Related Vulnerabilities
ownCloud Exposure of Resource to Wrong Sphere Vulnerability (CVE-2020-36252)
Oracle HTTP Server CVE-2014-0098 Vulnerability (CVE-2014-0098)
MODX Improper Certificate Validation Vulnerability (CVE-2017-7322)
MySQL CVE-2021-2193 Vulnerability (CVE-2021-2193)
Jenkins Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-10384)