Description
Open redirect vulnerability in the drupal_goto function in Drupal 6.x before 6.38, when used with PHP before 5.4.7, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a double-encoded URL in the "destination" parameter.
Remediation
References
Related Vulnerabilities
Magento Improper Authorization Vulnerability (CVE-2020-24402)
WebLogic Server-Side Request Forgery (SSRF) Vulnerability (CVE-2020-11987)
Oracle JRE CVE-2013-5849 Vulnerability (CVE-2013-5849)
Liferay Portal Cleartext Storage of Sensitive Information Vulnerability (CVE-2021-33325)
phpMyAdmin URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-1000013)