CVE-2016-3187

Name of the Vulnerable Software and Affected Versions Prepopulate module versions 7.x-2.x before 7.x-2.1

Description The issue allows remote attackers to modify the REQUEST superglobal array, which can have unspecified impact. This is achieved via a base64-encoded pp parameter.

Recommendations For Prepopulate module versions 7.x-2.x before 7.x-2.1, update to version 7.x-2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the pp parameter to minimize the risk of exploitation.