CVE-2016-3162 – drupal/core

Package

Manager: composer
Name: drupal/core
Vulnerable Version: >=7.0 <7.43 || >=8.0 <8.0.4

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00207 pctl0.43122

Details

Drupal File upload access bypass and denial of service The File module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allows remote authenticated users to bypass access restrictions and read, delete, or substitute a link to a file uploaded to an unprocessed form by leveraging permission to create content or comment and upload files.

Metadata

Created: 2022-05-17T03:56:29Z
Modified: 2024-04-23T22:18:51Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-w2pj-c8x5-jvg2/GHSA-w2pj-c8x5-jvg2.json
CWE IDs: ["CWE-284"]
Alternative ID: GHSA-w2pj-c8x5-jvg2
Finding: F039
Auto approve: 1