CVE-2016-6211

CWE-264CWE-269Improper Privilege Management6 documents5 sources
Severity
8.8HIGH
EPSS
1.1%
top 21.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Drupal CoreDrupal DrupalDebian Debian Linux
Timeline
PublishedSep 9
Latest updateMay 17

Description

The User module in Drupal 7.x before 7.44 allows remote authenticated users to gain privileges via vectors involving contributed or custom code that triggers a rebuild of the user profile form.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

Packagistdrupal/core7.07.44
Packagistdrupal/drupal7.07.44
NVDdrupal/drupal45 versions+44

Also affects: Debian Linux 8.0

🔴Vulnerability Details

4
GHSA
Drupal Saving user accounts can sometimes grant the user all roles2022-05-17
OSV
Drupal Saving user accounts can sometimes grant the user all roles2022-05-17
OSV
CVE-2016-6211: The User module in Drupal 72016-09-09
CVEList
CVE-2016-6211: The User module in Drupal 72016-09-09

💬Community

1
Bugzilla
CVE-2016-6211 CVE-2016-6212 drupal: several issues fixed in 7.442016-06-29
CVE-2016-6211 (HIGH CVSS 8.8) | The User module in Drupal 7.x befor | cvebase.io