CVE-2016-3162
published 2016-04-12

Priority: P346 | Severity: high | CVSS 3.0: 8.1
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS: 1.59% (72.6th percentile)

The File module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allows remote authenticated users to bypass access restrictions and read, delete, or substitute a link to a file uploaded to an unprocessed form by leveraging permission to create content or comment and upload files.

Affected

52 ranges, showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux (2 entries) | not shown | not shown |
| drupal | core | >= 7.0 < 7.43 | 7.43 |
| drupal | core | >= 8.0 < 8.0.4 | 8.0.4 |
| drupal | drupal (21 entries) | not shown | not shown |

CVSS provenance

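| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 8.1 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| osv | | 8.1 | HIGH | |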