Drupal · Drupal · CVE-2016-3165
**Name of the Vulnerable Software and Affected Versions**
Drupal versions prior to 6.38
**Description**
The issue concerns the Form API in Drupal, which ignores access restrictions on submit buttons. This might allow remote attackers to bypass intended access restrictions by submitting a form with a button that has `#access` set to FALSE in the server-side form definition.
**Recommendations**
For versions prior to 6.38, update to version 6.38 or later to resolve the issue.