Moderate severityNVD Advisory· Published May 18, 2012· Updated Apr 29, 2026
CVE-2012-1589
CVE-2012-1589
Description
Open redirect vulnerability in the Form API in Drupal 7.x before 7.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted parameters in a destination URL.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
drupal/drupalPackagist | >= 7.0, < 7.13 | 7.13 |
Affected products
30cpe:2.3:a:drupal:drupal:7.0:*:*:*:*:*:*:*+ 28 more
- cpe:2.3:a:drupal:drupal:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.0:alpha1:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.0:alpha2:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.0:alpha3:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.0:alpha4:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.0:alpha5:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.0:alpha6:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.0:alpha7:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.0:dev:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.0:rc4:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.10:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.11:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.12:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.2:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.3:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.4:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.5:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.6:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.7:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.8:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.9:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.x-dev:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
11- drupal.org/node/1557938nvdVendor AdvisoryWEB
- github.com/advisories/GHSA-wwrm-8947-4m6cghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2012-1589ghsaADVISORY
- jvn.jp/en/jp/JVN45898075/index.htmlnvdWEB
- jvndb.jvn.jp/jvndb/JVNDB-2012-000045nvdWEB
- web.archive.org/web/20120507035905/http://www.securityfocus.com/bid/53365ghsaWEB
- web.archive.org/web/20150523060428/http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2013:074/ghsaWEB
- osvdb.org/81679nvd
- secunia.com/advisories/49012nvd
- www.mandriva.com/security/advisoriesnvd
- www.securityfocus.com/bid/53365nvd
News mentions
0No linked articles in our index yet.