Drupal Other Vulnerability (CVE-2016-3164)

Description

Drupal 6.x before 6.38, 7.x before 7.43, and 8.x before 8.0.4 might allow remote attackers to conduct open redirect attacks by leveraging (1) custom code or (2) a form shown on a 404 error page, related to path manipulation.

Remediation

References

CVE-2016-3164

Related Vulnerabilities

WordPress Plugin YITH Product Size Charts for WooCommerce Security Bypass (1.1.11)

Sqlite Use After Free Vulnerability (CVE-2019-5018)

WordPress Plugin Slimstat Analytics Cross-Site Scripting (4.8)

SharePoint Improper Input Validation Vulnerability (CVE-2019-1296)

WordPress Plugin JS Job Manager Unspecified Vulnerability (1.0.9)

Severity

High

Classification

CVE-2016-3164 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N