Description
CRLF injection vulnerability in the drupal_goto function in includes/common.inc Drupal 4.7.x before 4.7.8 and 5.x before 5.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
Remediation
References
Related Vulnerabilities
WordPress Plugin WooCommerce Cross-Site Scripting (3.5.4)
phpMyFAQ Sensitive Cookie in HTTPS Session Without 'Secure' Attribute Vulnerability (CVE-2023-5866)
PHP Other Vulnerability (CVE-2004-0958)
XWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2023-46242)
Jboss EAP Improper Input Validation Vulnerability (CVE-2011-4314)