CVE-2015-2750

Open redirect vulnerability in URL-related API functions in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the "//" initial sequence.

Published: Sep 13, 2017
Updated: Nov 9, 2025
CVE: CVE-2015-2750
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5.8
AV:N/AC:M/Au:N/C:P/I:P/A:N

CWEs:

CWE-601

Affected Software
References

Software	From	Fixed in
drupal / drupal	7.0-alpha5	7.0-alpha5.x
drupal / drupal	7.0-dev	7.0-dev.x
drupal / drupal	7.0-alpha7	7.0-alpha7.x
drupal / drupal	6.0-beta2	6.0-beta2.x
drupal / drupal	6.33	6.33.x
drupal / drupal	7.16	7.16.x
drupal / drupal	6.0-rc2	6.0-rc2.x
drupal / drupal	7.21	7.21.x
drupal / drupal	6.2	6.2.x
drupal / drupal	7.0-rc2	7.0-rc2.x
drupal / drupal	7.18	7.18.x
drupal / drupal	7.15	7.15.x
drupal / drupal	7.0-rc4	7.0-rc4.x
drupal / drupal	6.14	6.14.x
drupal / drupal	6.24	6.24.x
drupal / drupal	6.13	6.13.x
drupal / drupal	6.0-dev	6.0-dev.x
drupal / drupal	6.25	6.25.x
drupal / drupal	6.18	6.18.x
drupal / drupal	7.0-beta2	7.0-beta2.x
drupal / drupal	7.0-rc3	7.0-rc3.x
drupal / drupal	7.0-alpha1	7.0-alpha1.x
drupal / drupal	6.0-beta4	6.0-beta4.x
drupal / drupal	7.3	7.3.x
drupal / drupal	6.12	6.12.x
drupal / drupal	6.32	6.32.x
drupal / drupal	7.17	7.17.x
drupal / drupal	7.8	7.8.x
drupal / drupal	7.0-alpha4	7.0-alpha4.x
drupal / drupal	7.13	7.13.x
drupal / drupal	6.0-rc3	6.0-rc3.x
drupal / drupal	7.20	7.20.x
drupal / drupal	6.0-rc4	6.0-rc4.x
drupal / drupal	6.4	6.4.x
drupal / drupal	7.5	7.5.x
drupal / drupal	6.11	6.11.x
drupal / drupal	7.10	7.10.x
drupal / drupal	7.30	7.30.x
drupal / drupal	7.27	7.27.x
drupal / drupal	7.6	7.6.x
drupal / drupal	7.12	7.12.x
drupal / drupal	6.0-beta1	6.0-beta1.x
drupal / drupal	7.34	7.34.x
drupal / drupal	7.9	7.9.x
drupal / drupal	7.0-rc1	7.0-rc1.x
drupal / drupal	6.26	6.26.x
drupal / drupal	7.0-beta3	7.0-beta3.x
drupal / drupal	6.30	6.30.x
drupal / drupal	7.4	7.4.x
drupal / drupal	6.7	6.7.x
drupal / drupal	7.28	7.28.x
drupal / drupal	7.22	7.22.x
drupal / drupal	6.22	6.22.x
drupal / drupal	7.0-alpha2	7.0-alpha2.x
drupal / drupal	6.8	6.8.x
drupal / drupal	6.27	6.27.x
drupal / drupal	6.19	6.19.x
drupal / drupal	7.11	7.11.x
drupal / drupal	7.33	7.33.x
drupal / drupal	6.1	6.1.x
drupal / drupal	6.28	6.28.x
drupal / drupal	6.21	6.21.x
drupal / drupal	7.0-alpha6	7.0-alpha6.x
drupal / drupal	7.19	7.19.x
drupal / drupal	6.17	6.17.x
drupal / drupal	6.5	6.5.x
drupal / drupal	7.25	7.25.x
drupal / drupal	7.0	7.0.x
drupal / drupal	7.32	7.32.x
drupal / drupal	7.24	7.24.x
drupal / drupal	6.31	6.31.x
drupal / drupal	6.10	6.10.x
drupal / drupal	7.14	7.14.x
drupal / drupal	7.23	7.23.x
drupal / drupal	7.26	7.26.x
drupal / drupal	7.0-beta1	7.0-beta1.x
drupal / drupal	6.23	6.23.x
drupal / drupal	6.6	6.6.x
drupal / drupal	7.29	7.29.x
drupal / drupal	6.0	6.0.x
drupal / drupal	7.1	7.1.x
drupal / drupal	7.31	7.31.x
drupal / drupal	6.15	6.15.x
drupal / drupal	6.0-beta3	6.0-beta3.x
drupal / drupal	6.16	6.16.x
drupal / drupal	7.7	7.7.x
drupal / drupal	6.34	6.34.x
drupal / drupal	7.0-alpha3	7.0-alpha3.x
drupal / drupal	6.3	6.3.x
drupal / drupal	7.2	7.2.x
drupal / drupal	6.0-rc1	6.0-rc1.x
drupal / drupal	6.29	6.29.x
drupal / drupal	6.20	6.20.x
drupal / drupal	6.9	6.9.x
debian / debian_linux	8.0	8.0.x
debian / debian_linux	9.0	9.0.x

Vulnerability Database

314,342

CVE-2015-2750

Deep Security Visibility Without the Complexity