CVE-2016-6211
published 2016-09-09
CVE-2016-6211: The User module in Drupal 7.x before 7.44 allows remote authenticated users to gain privileges via vectors involving contributed or custom code that triggers a…
Priority P3 · 49 · high · 8.8 (CVSS 3.0)
AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
EPSS: 2.53% (82.9th percentile)
The User module in Drupal 7.x before 7.44 allows remote authenticated users to gain privileges via vectors involving contributed or custom code that triggers a rebuild of the user profile form.
Affected
48 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| drupal | core | >= 7.0 < 7.44 | 7.44 |
| drupal | drupal | — | — |
CVSS provenance
nvd · v3.0 · 8.8 HIGH · CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd · v2.0 · 6.5 MEDIUM · AV:N/AC:L/Au:S/C:P/I:P/A:P
osv · 8.8 HIGH
GHSA
Drupal Saving user accounts can sometimes grant the user all roles
ghsa·2022-05-17
CVE-2016-6211 [HIGH] CWE-269 Drupal Saving user accounts can sometimes grant the user all roles
The User module in Drupal 7.x before 7.44 allows remote authenticated users to gain privileges via vectors involving contributed or custom code that triggers a rebuild of the user profile form.
OSV
Drupal Saving user accounts can sometimes grant the user all roles
osv·2022-05-17
CVE-2016-6211 [HIGH] Drupal Saving user accounts can sometimes grant the user all roles
The User module in Drupal 7.x before 7.44 allows remote authenticated users to gain privileges via vectors involving contributed or custom code that triggers a rebuild of the user profile form.
OSV
CVE-2016-6211: The User module in Drupal 7
osv·2016-09-09·CVSS 8.8
CVE-2016-6211 [HIGH] CVE-2016-6211: The User module in Drupal 7
The User module in Drupal 7.x before 7.44 allows remote authenticated users to gain privileges via vectors involving contributed or custom code that triggers a rebuild of the user profile form.
No detection rules found.
No public exploits indexed.
http://www.debian.org/security/2016/dsa-3604
http://www.openwall.com/lists/oss-security/2016/07/13/4
http://www.openwall.com/lists/oss-security/2016/07/13/7
http://www.securityfocus.com/bid/91230
https://www.drupal.org/SA-CORE-2016-002
Published: 2016-09-09