Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Drupal 7PK - Security Features Vulnerability (CVE-2016-3168)

Description

The System module in Drupal 6.x before 6.38 and 7.x before 7.43 might allow remote attackers to hijack the authentication of site administrators for requests that download and run files with arbitrary JSON-encoded content, aka a "reflected file download vulnerability."

Remediation

References

Related Vulnerabilities

WordPress Plugin YITH WooCommerce Order Tracking Security Bypass (1.2.10)

Oracle Database Server CVE-2006-5334 Vulnerability (CVE-2006-5334)

Oracle Application Server CVE-2008-7233 Vulnerability (CVE-2008-7233)

OpenSSL Cryptographic Issues Vulnerability (CVE-2015-0285)

WordPress Plugin Extensive VC Addons for WPBakery page builder Local File Inclusion (1.9)

Severity

Medium

Classification

CVE-2016-3168 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities