CVE-2016-3167: Drupal Open redirect vulnerability in the drupal_goto function
7.4
CVSS Score
3.0
Basic Information
CVE ID
GHSA ID
EPSS Score
0.69398%
CWE
Published
5/17/2022
Updated
4/23/2024
KEV Status
No
Technology
PHP
Technical Details
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
drupal/core | composer | >= 6.0, < 6.38 | 6.38 |
drupal/drupal | composer | >= 6.0, < 6.38 | 6.38 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability title and CVE description explicitly name drupal_goto as the vulnerable function. The core issue stems from its handling of the 'destination' parameter - it performs a single rawurldecode() call but fails to account for double-encoded payloads that bypass Drupal's URL validation when PHP's built-in request parameter parsing automatically decodes inputs. This combination allows the redirect protection to be circumvented. The file path is confirmed through Drupal 6's code structure where common utilities like drupal_goto reside in includes/common.inc.