CVE-2016-3167
- Source
- https://cve.org/CVERecord?id=CVE-2016-3167
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-3167.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2016-3167
- Aliases
- Published
- 2016-04-12T15:59:04.980Z
- Modified
- 2026-04-10T03:50:52.044433Z
- Severity
-
- 7.4 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Open redirect vulnerability in the drupal_goto function in Drupal 6.x before 6.38, when used with PHP before 5.4.7, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a double-encoded URL in the "destination" parameter.
- References
Affected packages
Git / github.com/drupal/drupal
Affected ranges
- Type
- GIT
- Repo
- https://github.com/drupal/drupal
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "6.0-dev" }, { "introduced": "0" }, { "last_affected": "6.1" }, { "introduced": "0" }, { "last_affected": "6.2" }, { "introduced": "0" }, { "last_affected": "6.3" }, { "introduced": "0" }, { "last_affected": "6.4" }, { "introduced": "0" }, { "last_affected": "6.5" }, { "introduced": "0" }, { "last_affected": "6.6" }, { "introduced": "0" }, { "last_affected": "6.7" }, { "introduced": "0" }, { "last_affected": "6.8" }, { "introduced": "0" }, { "last_affected": "6.9" }, { "introduced": "0" }, { "last_affected": "6.10" }, { "introduced": "0" }, { "last_affected": "6.11" }, { "introduced": "0" }, { "last_affected": "6.12" }, { "introduced": "0" }, { "last_affected": "6.13" }, { "introduced": "0" }, { "last_affected": "6.14" }, { "introduced": "0" }, { "last_affected": "6.15" }, { "introduced": "0" }, { "last_affected": "6.16" }, { "introduced": "0" }, { "last_affected": "6.17" }, { "introduced": "0" }, { "last_affected": "6.18" }, { "introduced": "0" }, { "last_affected": "6.19" }, { "introduced": "0" }, { "last_affected": "6.20" }, { "introduced": "0" }, { "last_affected": "6.21" }, { "introduced": "0" }, { "last_affected": "6.22" }, { "introduced": "0" }, { "last_affected": "6.23" }, { "introduced": "0" }, { "last_affected": "6.24" }, { "introduced": "0" }, { "last_affected": "6.25" }, { "introduced": "0" }, { "last_affected": "6.26" }, { "introduced": "0" }, { "last_affected": "6.27" }, { "introduced": "0" }, { "last_affected": "6.28" }, { "introduced": "0" }, { "last_affected": "6.29" }, { "introduced": "0" }, { "last_affected": "6.30" }, { "introduced": "0" }, { "last_affected": "6.31" }, { "introduced": "0" }, { "last_affected": "6.32" }, { "introduced": "0" }, { "last_affected": "6.33" }, { "introduced": "0" }, { "last_affected": "6.34" }, { "introduced": "0" }, { "last_affected": "6.35" }, { "introduced": "0" }, { "last_affected": "6.36" }, { "introduced": "0" }, { "last_affected": "6.37" } ] }
- Type
- GIT
- Repo
- https://github.com/php/php-src
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "7.0" }, { "introduced": "0" }, { "last_affected": "8.0" } ] }
Affected versions
1.*
1.0
2.*
2.0
3.*
3.0.1
5.*
5.0-beta-1
5.0-beta-2
5.0-rc-1
5.0-rc-2
6.*
6.0
6.0-beta-1
6.0-beta-2
6.0-beta-3
6.0-beta-4
6.0-rc-1
6.0-rc-2
6.0-rc-3
6.0-rc-4
6.1
6.10
6.11
6.12
6.13
6.14
6.15
6.16
6.17
6.18
6.19
6.2
6.20
6.21
6.22
6.23
6.24
6.25
6.26
6.27
6.28
6.29
6.3
6.30
6.31
6.32
6.33
6.34
6.35
6.36
6.37
6.4
6.5
6.6
6.7
6.8
6.9
Other
POST_64BIT_BRANCH_MERGE
POST_AST_MERGE
POST_PHP7_NSAPI_REMOVAL
POST_PHP7_REMOVALS
POST_PHPNG_MERGE
PRE_64BIT_BRANCH_MERGE
PRE_AST_MERGE
PRE_PHP7_EREG_MYSQL_REMOVALS
PRE_PHP7_NSAPI_REMOVAL
PRE_PHP7_REMOVALS
start
php-7.*
php-7.0.0
php-7.0.0RC1
php-7.0.0RC2
php-7.0.0RC3
php-7.0.0RC4
php-7.0.0RC5
php-7.0.0RC6
php-7.0.0RC7
php-7.0.0RC8
php-7.0.0alpha1
php-7.0.0alpha2
php-7.0.0beta1
php-7.0.0beta2
php-7.0.0beta3
php-8.*
php-8.0.0
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-3167.json"
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0-beta2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0-beta3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0-beta4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0-rc1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0-rc2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0-rc3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0-rc4"
}
]
}
]