Drupal Core 4.6.x Form Action Attribute Injection - CVE-2006-5477

Drupal Core is prone to a form action attribute injection vulnerability because it fails to properly verify user-supplied input. An attacker may leverage this issue to redirect Drupal form submissions to a third-party site under his control thus gaining access to sensitive information such as e-mail addresses and possible other private profile data. Drupal Core versions 4.6.x ranging from 4.6.0 and up to and including 4.6.9 are vulnerable.