Description
CRLF injection vulnerability in the drupal_goto function in includes/common.inc Drupal 4.7.x before 4.7.8 and 5.x before 5.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
Remediation
References
Related Vulnerabilities
Cherokee Improper Input Validation Vulnerability (CVE-2009-4489)
Osclass Other Vulnerability (CVE-2014-8085)
MySQL CVE-2017-3636 Vulnerability (CVE-2017-3636)
Liferay Portal Insecure Default Initialization of Resource Vulnerability (CVE-2023-33949)
WordPress Plugin Themify Portfolio Post Cross-Site Scripting (1.1.5)