Description

CRLF injection vulnerability in the drupal_goto function in includes/common.inc Drupal 4.7.x before 4.7.8 and 5.x before 5.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Remediation

References

CVE-2007-5595

Related Vulnerabilities

WordPress Plugin ECPay Logistics for WooCommerce Cross-Site Scripting (1.2.181030)

WordPress Plugin Remove Yoast SEO comments Unspecified Vulnerability (1.0.4)

WordPress Plugin Manage Calameo Publications by Athlon Cross-Site Scripting (1.1.0)

WordPress Plugin WooCommerce Cross-Site Scripting (2.4.8)

Next.js Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2018-6184)

Severity

Medium

Classification

CVE-2007-5595 CWE-113

Tags

Missing Update Known Vulnerabilities