CVE-2016-3168

6.4MEDIUM

Key Information

Vendor
Drupal
Status
Drupal
Vendor
CVE Published:
12 April 2016

Summary

The System module in Drupal 6.x before 6.38 and 7.x before 7.43 might allow remote attackers to hijack the authentication of site administrators for requests that download and run files with arbitrary JSON-encoded content, aka a "reflected file download vulnerability."

CVSS V3.1

Score:
6.4
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD DatabaseMitre Database
.