Drupal · Drupal · CVE-2016-3169
**Name of the Vulnerable Software and Affected Versions**
Drupal versions 6.x prior to 6.38
Drupal versions 7.x prior to 7.43
**Description**
The issue allows remote attackers to gain privileges by leveraging contributed or custom code that calls the `user_save()` function with an explicit category and loads all roles into the array.
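To check whether a site has code matching the precondition described above, contributed and custom modules can be audited for `user_save()` calls that pass a third argument (the category). The Python scanner below is an added example, not part of the advisory or of Drupal; the function names are hypothetical, the PHP sample is constructed, and it assumes the category is the third positional argument of `user_save()`.

```python
import re

# Matches a plain call to user_save(), not methods, variables or *_user_save hooks.
CALL = re.compile(r"(?<![\w>:$])user_save\s*\(")

SAMPLE = r"""<?php
// Constructed sample of a custom module, for illustration only.
function mymodule_sync($account, $edit) {
  user_save($account, $edit, 'profile');
  user_save($account, array('name' => 'a, b', 'data' => array(1, 2)));
}
"""

def split_args(src, i):
    """Split the top-level arguments of a call; i is the index just past '('."""
    args, cur, depth, quote = [], [], 0, None
    while i < len(src):
        ch = src[i]
        if quote:                          # inside a PHP string literal
            cur.append(ch)
            if ch == "\\":                 # keep the escaped character as-is
                i += 1
                cur.append(src[i:i + 1])
            elif ch == quote:
                quote = None
        elif ch in "'\"":
            quote = ch
            cur.append(ch)
        elif ch in ")]}" and depth == 0:   # closing paren of the call itself
            args.append("".join(cur).strip())
            return [a for a in args if a]
        elif ch == "," and depth == 0:     # top-level argument separator
            args.append("".join(cur).strip())
            cur = []
        else:
            depth += (ch in "([{") - (ch in ")]}")
            cur.append(ch)
        i += 1
    return None  # unbalanced call, e.g. a truncated file

def find_user_save_with_category(src):
    """Return (line, category_expr) for each user_save() call with a 3rd argument."""
    hits = []
    for m in CALL.finditer(src):
        is_definition = src[:m.start()].rstrip().endswith("function")
        args = None if is_definition else split_args(src, m.end())
        if args and len(args) >= 3:
            hits.append((src.count("\n", 0, m.start()) + 1, args[2]))
    return hits
```

Each hit marks a call to review by hand for how the roles array passed to it is built. Calls that appear inside PHP comments are also reported.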
**Recommendations**
For Drupal 6.x, update to version 6.38 or later.
For Drupal 7.x, update to version 7.43 or later.