CVE-2016-3168 drupal/core

Package

Manager: composer
Name: drupal/core
Vulnerable Version: >=6.0 <6.38 || >=7.0 <7.43

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

EPSS: 0.00419 (percentile 0.61043)

Details

Drupal Reflected file download vulnerability

The System module in Drupal 6.x before 6.38 and 7.x before 7.43 might allow remote attackers to hijack the authentication of site administrators for requests that download and run files with arbitrary JSON-encoded content, aka a "reflected file download vulnerability."

Metadata

Created: 2022-05-17T03:57:06Z
Modified: 2024-04-23T17:19:29Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-qqxc-cppg-4xp8/GHSA-qqxc-cppg-4xp8.json
CWE IDs: []
Alternative ID: GHSA-qqxc-cppg-4xp8
Finding: F100
Auto approve: 1