CVE-2016-3168
6.4
Vector
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Exploitability: 0.5 / Impact: 5.9
Source: NVD
Description
The System module in Drupal 6.x before 6.38 and 7.x before 7.43 might allow remote attackers to hijack the authentication of site administrators for requests that download and run files with arbitrary JSON-encoded content, aka a "reflected file download vulnerability."
Affected (107)
Products: Drupal: Drupal · Debian: Debian Linux
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Version 7.0 |
Related CWEs
References (8)
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Timeline
No history available yet.