Open Redirect Vulnerability in Drupal Versions 6.x, 7.x, and 8.x

Open Redirect Vulnerability in Drupal Versions 6.x, 7.x, and 8.x

CVE-2016-3164 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:N

Drupal 6.x before 6.38, 7.x before 7.43, and 8.x before 8.0.4 might allow remote attackers to conduct open redirect attacks by leveraging (1) custom code or (2) a form shown on a 404 error page, related to path manipulation.

Learn more about our Web Application Penetration Testing UK.