CVE-2016-3162

CWE-284 — Improper Access Control10 documents5 sources

Severity

8.1HIGH

EPSS

0.3%

top 47.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Drupal Core Drupal Drupal Debian Debian Linux

Timeline

PublishedApr 12

Latest updateMay 17

Description

The File module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allows remote authenticated users to bypass access restrictions and read, delete, or substitute a link to a file uploaded to an unprocessed form by leveraging permission to create content or comment and upload files.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages3 packages

▶Packagistdrupal/core7.0 — 7.43+1

▶Packagistdrupal/drupal8.0 — 8.0.4+1

▶NVDdrupal/drupal46 versions+45

Also affects: Debian Linux 7.0, 8.0

Patches

Patch: www.drupal.org ↗Patch: www.drupal.org ↗

🔴Vulnerability Details

OSV

Drupal File upload access bypass and denial of service↗2022-05-17

▶

GHSA

Drupal File upload access bypass and denial of service↗2022-05-17

▶

OSV

CVE-2016-3162: The File module in Drupal 7↗2016-04-12

▶

CVEList

CVE-2016-3162: The File module in Drupal 7↗2016-04-12

▶

💬Community

Bugzilla

CVE-2016-3162 drupal7: drupal: several issues fixed in 7.43 and 6.38 (SA-CORE-2016-001) [fedora-all]↗2016-02-26

▶

Bugzilla

CVE-2016-3162 drupal7: drupal: several issues fixed in 7.43 and 6.38 (SA-CORE-2016-001) [epel-all]↗2016-02-26

▶

Bugzilla

CVE-2016-3162 CVE-2016-3163 CVE-2016-3164 CVE-2016-3165 CVE-2016-3166 CVE-2016-3167 CVE-2016-3168 CVE-2016-3169 CVE-2016-3170 CVE-2016-3171 drupal: several issues fixed in 7.43 and 6.38 (SA-CORE-2016-↗2016-02-26

▶

Bugzilla

CVE-2016-3162 drupal6: drupal: several issues fixed in 7.43 and 6.38 (SA-CORE-2016-001) [epel-all]↗2016-02-26

▶

Bugzilla

CVE-2016-3162 drupal6: drupal: several issues fixed in 7.43 and 6.38 (SA-CORE-2016-001) [fedora-all]↗2016-02-26

▶