Description

The User module in Drupal 7.x before 7.44 allows remote authenticated users to gain privileges via vectors involving contributed or custom code that triggers a rebuild of the user profile form.

Remediation

References

CVE-2016-6211

Related Vulnerabilities

WordPress Plugin Image Gallery with Slideshow Multiple Vulnerabilities (1.5.2)

WordPress Plugin Data Tables Generator by Supsystic Security Bypass (1.10.25)

MySQL CVE-2014-0427 Vulnerability (CVE-2014-0427)

WordPress Plugin Per page add to head Cross-Site Request Forgery (1.4.3)

Oracle Database Server CVE-2013-3826 Vulnerability (CVE-2013-3826)

Severity

High

Classification

CVE-2016-6211 CWE-264 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities