PT-2016-5393 · Drupal · Drupal

Pere Orga

Published

2016-02-28

Updated

2022-05-17

CVE-2016-3164

CVSS v3.1

7.4

High

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Drupal versions 6.x through 6.37 Drupal versions 7.x through 7.42 Drupal versions 8.x through 8.0.3

Description The issue allows remote attackers to conduct open redirect attacks by leveraging custom code or a form shown on a 404 error page, related to path manipulation.

Recommendations For Drupal versions 6.x through 6.37, update to version 6.38 or later. For Drupal versions 7.x through 7.42, update to version 7.43 or later. For Drupal versions 8.x through 8.0.3, update to version 8.0.4 or later.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2016-3164

DSA-3498-1

GHSA-836P-6P4J-35CG

Affected Products

Drupal

PT-2016-5393 · Drupal · Drupal

CVE-2016-3164

Related Identifiers

Affected Products

References · 24