PT-2016-5391 · Drupal · Drupal

Pere Orga

Publicado

2016-02-28

Atualizado

2022-05-17

CVE-2016-3162

CVSS v3.1

8.1

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Drupal versions 7.x prior to 7.43 Drupal versions 8.x prior to 8.0.4

Description The issue allows remote authenticated users to bypass access restrictions. This can lead to reading, deleting, or substituting a link to a file uploaded to an unprocessed form. The exploitation is possible by leveraging permission to create content or comment and upload files.

Recommendations For Drupal 7.x versions prior to 7.43, update to version 7.43 or later. For Drupal 8.x versions prior to 8.0.4, update to version 8.0.4 or later.

Exploit

Correção

Improper Access Control

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-284

Identificadores relacionados

CVE-2016-3162

DSA-3498-1

GHSA-W2PJ-C8X5-JVG2

Produtos afetados

Drupal

PT-2016-5391 · Drupal · Drupal

CVE-2016-3162

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 14