Open redirect vulnerability in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter.
A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Drupal | Drupal | 7.0 | 7.0 |
Drupal | Drupal | 7.0 | 7.0 |
Drupal | Drupal | 7.0 | 7.0 |
Drupal | Drupal | 6.0 | 6.0 |
Drupal | Drupal | 6.33 | 6.33 |
Drupal | Drupal | 7.16 | 7.16 |
Drupal | Drupal | 6.0 | 6.0 |
Drupal | Drupal | 7.21 | 7.21 |
Drupal | Drupal | 6.2 | 6.2 |
Drupal | Drupal | 7.0 | 7.0 |
Drupal | Drupal | 7.18 | 7.18 |
Drupal | Drupal | 7.15 | 7.15 |
Drupal | Drupal | 7.0 | 7.0 |
Drupal | Drupal | 6.14 | 6.14 |
Drupal | Drupal | 6.24 | 6.24 |
Drupal | Drupal | 6.13 | 6.13 |
Drupal | Drupal | 6.0 | 6.0 |
Drupal | Drupal | 6.25 | 6.25 |
Drupal | Drupal | 6.18 | 6.18 |
Drupal | Drupal | 7.0 | 7.0 |
Drupal | Drupal | 7.0 | 7.0 |
Drupal | Drupal | 7.0 | 7.0 |
Drupal | Drupal | 6.0 | 6.0 |
Drupal | Drupal | 7.3 | 7.3 |
Drupal | Drupal | 6.12 | 6.12 |
Drupal | Drupal | 6.32 | 6.32 |
Drupal | Drupal | 7.17 | 7.17 |
Drupal | Drupal | 7.8 | 7.8 |
Drupal | Drupal | 7.0 | 7.0 |
Drupal | Drupal | 7.13 | 7.13 |
Drupal | Drupal | 6.0 | 6.0 |
Drupal | Drupal | 7.20 | 7.20 |
Drupal | Drupal | 6.0 | 6.0 |
Drupal | Drupal | 6.4 | 6.4 |
Drupal | Drupal | 7.5 | 7.5 |
Drupal | Drupal | 6.11 | 6.11 |
Drupal | Drupal | 7.10 | 7.10 |
Drupal | Drupal | 7.30 | 7.30 |
Drupal | Drupal | 7.27 | 7.27 |
Drupal | Drupal | 7.6 | 7.6 |
Drupal | Drupal | 7.12 | 7.12 |
Drupal | Drupal | 6.0 | 6.0 |
Drupal | Drupal | 7.34 | 7.34 |
Drupal | Drupal | 7.9 | 7.9 |
Drupal | Drupal | 7.0 | 7.0 |
Drupal | Drupal | 6.26 | 6.26 |
Drupal | Drupal | 7.0 | 7.0 |
Drupal | Drupal | 6.30 | 6.30 |
Drupal | Drupal | 7.4 | 7.4 |
Drupal | Drupal | 6.7 | 6.7 |
Drupal | Drupal | 7.28 | 7.28 |
Drupal | Drupal | 7.22 | 7.22 |
Drupal | Drupal | 6.22 | 6.22 |
Drupal | Drupal | 7.0 | 7.0 |
Drupal | Drupal | 6.8 | 6.8 |
Drupal | Drupal | 6.27 | 6.27 |
Drupal | Drupal | 6.19 | 6.19 |
Drupal | Drupal | 7.11 | 7.11 |
Drupal | Drupal | 7.33 | 7.33 |
Drupal | Drupal | 6.1 | 6.1 |
Drupal | Drupal | 6.28 | 6.28 |
Drupal | Drupal | 6.21 | 6.21 |
Drupal | Drupal | 7.0 | 7.0 |
Drupal | Drupal | 7.19 | 7.19 |
Drupal | Drupal | 6.17 | 6.17 |
Drupal | Drupal | 6.5 | 6.5 |
Drupal | Drupal | 7.25 | 7.25 |
Drupal | Drupal | 7.0 | 7.0 |
Drupal | Drupal | 7.32 | 7.32 |
Drupal | Drupal | 7.24 | 7.24 |
Drupal | Drupal | 6.31 | 6.31 |
Drupal | Drupal | 6.10 | 6.10 |
Drupal | Drupal | 7.14 | 7.14 |
Drupal | Drupal | 7.23 | 7.23 |
Drupal | Drupal | 7.26 | 7.26 |
Drupal | Drupal | 7.0 | 7.0 |
Drupal | Drupal | 6.23 | 6.23 |
Drupal | Drupal | 6.6 | 6.6 |
Drupal | Drupal | 7.29 | 7.29 |
Drupal | Drupal | 6.0 | 6.0 |
Drupal | Drupal | 7.1 | 7.1 |
Drupal | Drupal | 7.31 | 7.31 |
Drupal | Drupal | 6.15 | 6.15 |
Drupal | Drupal | 6.0 | 6.0 |
Drupal | Drupal | 6.16 | 6.16 |
Drupal | Drupal | 7.7 | 7.7 |
Drupal | Drupal | 6.34 | 6.34 |
Drupal | Drupal | 7.0 | 7.0 |
Drupal | Drupal | 6.3 | 6.3 |
Drupal | Drupal | 7.2 | 7.2 |
Drupal | Drupal | 6.0 | 6.0 |
Drupal | Drupal | 6.29 | 6.29 |
Drupal | Drupal | 6.20 | 6.20 |
Drupal | Drupal | 6.9 | 6.9 |