Medium severity6.8NVD Advisory· Published Nov 25, 2016· Updated Jun 17, 2026
CVE-2016-9451
CVE-2016-9451
Description
Confirmation forms in Drupal 7.x before 7.52 make it easier for remote authenticated users to conduct open redirect attacks via unspecified vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
drupal/corePackagist | >= 7.0, < 7.52 | 7.52 |
drupal/corePackagist | >= 8.0, < 8.2.3 | 8.2.3 |
Affected products
57cpe:2.3:a:drupal:drupal:7.0:*:*:*:*:*:*:*+ 55 more
- cpe:2.3:a:drupal:drupal:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.0:alpha1:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.0:alpha2:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.0:alpha3:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.0:alpha4:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.0:alpha5:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.0:alpha6:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.0:alpha7:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.0:dev:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.0:rc4:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.10:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.11:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.12:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.13:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.14:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.15:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.16:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.17:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.18:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.19:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.2:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.20:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.21:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.22:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.23:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.24:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.25:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.26:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.27:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.28:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.29:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.3:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.30:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.31:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.32:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.33:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.34:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.35:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.36:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.37:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.38:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.4:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.40:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.41:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.42:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.43:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.44:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.50:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.51:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
5- www.drupal.org/SA-CORE-2016-005nvdPatchVendor AdvisoryWEB
- www.securityfocus.com/bid/94367nvdThird Party AdvisoryVDB EntryWEB
- github.com/advisories/GHSA-66gr-xrcf-8jpqghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2016-9451ghsaADVISORY
- www.debian.org/security/2016/dsa-3718nvdWEB
News mentions
0No linked articles in our index yet.