CVE-2016-3167

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2016-3167

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-3167.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2016-3167

Aliases

GHSA-gxwx-c7m8-f95h

Published

2016-04-12T15:59:04.980Z

Modified

2026-05-18T05:48:33.109190815Z

Severity

7.4 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

Open redirect vulnerability in the drupal_goto function in Drupal 6.x before 6.38, when used with PHP before 5.4.7, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a double-encoded URL in the "destination" parameter.

Database specific

{
    "unresolved_ranges": [
        {
            "cpes": [
                "cpe:2.3:a:drupal:drupal:6.0:beta2:*:*:*:*:*:*",
                "cpe:2.3:a:drupal:drupal:6.0:beta3:*:*:*:*:*:*",
                "cpe:2.3:a:drupal:drupal:6.0:beta4:*:*:*:*:*:*",
                "cpe:2.3:a:drupal:drupal:6.0:rc1:*:*:*:*:*:*",
                "cpe:2.3:a:drupal:drupal:6.0:rc2:*:*:*:*:*:*",
                "cpe:2.3:a:drupal:drupal:6.0:rc3:*:*:*:*:*:*",
                "cpe:2.3:a:drupal:drupal:6.0:rc4:*:*:*:*:*:*"
            ],
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "6.0-beta2"
                },
                {
                    "last_affected": "6.0-beta3"
                },
                {
                    "last_affected": "6.0-beta4"
                },
                {
                    "last_affected": "6.0-rc1"
                },
                {
                    "last_affected": "6.0-rc2"
                },
                {
                    "last_affected": "6.0-rc3"
                },
                {
                    "last_affected": "6.0-rc4"
                }
            ],
            "vendor_product": "drupal:drupal"
        }
    ]
}

References

Affected packages

Git / github.com/drupal/drupal

Affected ranges

Type

GIT

Repo

https://github.com/drupal/drupal

Events

Introduced

Last affected

f8d6bbf44160e6d00e71f0172ecf80e78d0f0d3c

Last affected

d6c7b4cf627ab409c595e1c76bf0a8deadbc7feb

Last affected

fee422170acc602c2049af4dc2fd00f1da3c5713

Last affected

dff6422ef765e6a6b1ca03184e4ed334c895fd4c

Last affected

49f719f7c4f7c1b69dc35ff8fbdea123e7d88f92

Last affected

85c9ed0b6a001b4196b24826841e2cf2d18d2612

Last affected

87a469b868ad719c11fb59d932b8d4a5bcf02b08

Last affected

ead5598cdfaf1505b478aa03db4017f9c1f829f5

Last affected

80cff5cedfe9f8a23596c1a7e1ae456c894a79ae

Last affected

bdd3062d800919f27627b8fddc3887b2495074c2

Last affected

a7c068b9bc213c599872a0f729d736f5ff3d7866

Last affected

8135c33f6fd219124b085a2e50ea9bf1f6e87612

Last affected

84f629ace76044177ddd24ad03c2566b9af1688b

Last affected

7c757303a57f24770f2707529f8398d194a5efcd

Last affected

b62ba500242b711ce932ecfeb258c00e22c258ba

Last affected

23bda276dc19dd3b3d17174b808020ae820879c7

Last affected

77b6714fb3e0bcec9ef7df1a610eb6bdbf09636e

Last affected

a09fcca0294ef62ba7b1c7ec2af2980f0a39d3e1

Last affected

4e8e0454b3bfc3b846cf4b7bcaca0e8f42f0c17a

Last affected

88146f6da7b169a6504ecfdd39fe29913c977350

Last affected

8636b1234c84a07f0f087ca5d64483c4fc7b2256

Last affected

7c4e429b7fa771676a18321aac9896e86773891e

Last affected

39f366e0a91bb0f79cdf7aab8d50c92473e6bd4e

Last affected

10edcf72444e58b2032957edd3d478ac2d431b0c

Last affected

3595e528c35eeeef5cdcd11932ede5af0b21447c

Last affected

7e8649f761e0279e07b2050a7ec61097636f269b

Last affected

9260bc47d39971738f6d489554a4eb22c8c8e85e

Last affected

da8023a98808d243a03d494750a30d06dd1827cc

Last affected

6f2fd0451a5cae837870da665f35514d8730fcf3

Last affected

9ce67f2e403f7238a581fc78ca51a7f5ba32fb52

Last affected

203f323c8813f60c634ca23e025934d1527b0418

Last affected

66e94d74994fced9fafbb2583f1c9e1bc636c04f

Last affected

92eedf2c17bcea6db47c6b317c6ebf6078bfffae

Last affected

c71b15f68010db028f07839c226d31563f220890

Last affected

01c9f6164e9b48a7d715e07fb0d98fbe71bae87b

Last affected

8ffc5db3c0ab926f3d4b2cf8bc51714c8c0f3c93

Last affected

a362d912056d6e385a6c458cddf776ec746c68ae

Last affected

e9d0768c1326332a3f1bbac761e7d9d7156d4ae6

Database specific

{
    "source": "CPE_FIELD",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.0-dev"
        },
        {
            "last_affected": "6.1"
        },
        {
            "last_affected": "6.2"
        },
        {
            "last_affected": "6.3"
        },
        {
            "last_affected": "6.4"
        },
        {
            "last_affected": "6.5"
        },
        {
            "last_affected": "6.6"
        },
        {
            "last_affected": "6.7"
        },
        {
            "last_affected": "6.8"
        },
        {
            "last_affected": "6.9"
        },
        {
            "last_affected": "6.10"
        },
        {
            "last_affected": "6.11"
        },
        {
            "last_affected": "6.12"
        },
        {
            "last_affected": "6.13"
        },
        {
            "last_affected": "6.14"
        },
        {
            "last_affected": "6.15"
        },
        {
            "last_affected": "6.16"
        },
        {
            "last_affected": "6.17"
        },
        {
            "last_affected": "6.18"
        },
        {
            "last_affected": "6.19"
        },
        {
            "last_affected": "6.20"
        },
        {
            "last_affected": "6.21"
        },
        {
            "last_affected": "6.22"
        },
        {
            "last_affected": "6.23"
        },
        {
            "last_affected": "6.24"
        },
        {
            "last_affected": "6.25"
        },
        {
            "last_affected": "6.26"
        },
        {
            "last_affected": "6.27"
        },
        {
            "last_affected": "6.28"
        },
        {
            "last_affected": "6.29"
        },
        {
            "last_affected": "6.30"
        },
        {
            "last_affected": "6.31"
        },
        {
            "last_affected": "6.32"
        },
        {
            "last_affected": "6.33"
        },
        {
            "last_affected": "6.34"
        },
        {
            "last_affected": "6.35"
        },
        {
            "last_affected": "6.36"
        },
        {
            "last_affected": "6.37"
        }
    ],
    "cpe": [
        "cpe:2.3:a:drupal:drupal:6.0:dev:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:6.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:6.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:6.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:6.4:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:6.5:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:6.6:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:6.7:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:6.8:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:6.9:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:6.10:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:6.11:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:6.12:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:6.13:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:6.14:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:6.15:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:6.16:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:6.17:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:6.18:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:6.19:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:6.20:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:6.21:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:6.22:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:6.23:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:6.24:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:6.25:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:6.26:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:6.27:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:6.28:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:6.29:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:6.30:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:6.31:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:6.32:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:6.33:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:6.34:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:6.35:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:6.36:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:6.37:*:*:*:*:*:*:*"
    ]
}

Affected versions

1.*

1.0

2.*

2.0

3.*

3.0.1

5.*

5.0-beta-1

5.0-beta-2

5.0-rc-1

5.0-rc-2

6.*

6.0

6.0-beta-1

6.0-beta-2

6.0-beta-3

6.0-beta-4

6.0-rc-1

6.0-rc-2

6.0-rc-3

6.0-rc-4

6.1

6.10

6.11

6.12

6.13

6.14

6.15

6.16

6.17

6.18

6.19

6.2

6.20

6.21

6.22

6.23

6.24

6.25

6.26

6.27

6.28

6.29

6.3

6.30

6.31

6.32

6.33

6.34

6.35

6.36

6.37

6.4

6.5

6.6

6.7

6.8

6.9

Other

start

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-3167.json"

Git / github.com/php/php-src

Affected ranges

Type

GIT

Repo

https://github.com/php/php-src

Events

Introduced

Last affected

60fffd296abce5fc071f3c173c25a2696cf683c6

Last affected

5dc92c2117cafc61daaaaa240fd46c3ac33872a4

Database specific

{
    "source": "CPE_FIELD",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0"
        },
        {
            "last_affected": "8.0"
        }
    ],
    "cpe": [
        "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
        "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
    ]
}

Affected versions

Other

POST_64BIT_BRANCH_MERGE

POST_AST_MERGE

POST_PHP7_NSAPI_REMOVAL

POST_PHP7_REMOVALS

POST_PHPNG_MERGE

PRE_64BIT_BRANCH_MERGE

PRE_AST_MERGE

PRE_PHP7_EREG_MYSQL_REMOVALS

PRE_PHP7_NSAPI_REMOVAL

PRE_PHP7_REMOVALS

php-7.*

php-7.0.0

php-7.0.0RC1

php-7.0.0RC2

php-7.0.0RC3

php-7.0.0RC4

php-7.0.0RC5

php-7.0.0RC6

php-7.0.0RC7

php-7.0.0RC8

php-7.0.0alpha1

php-7.0.0alpha2

php-7.0.0beta1

php-7.0.0beta2

php-7.0.0beta3

php-8.*

php-8.0.0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-3167.json"