Description

The User module in Drupal 7.x before 7.44 allows remote authenticated users to gain privileges via vectors involving contributed or custom code that triggers a rebuild of the user profile form.

Remediation

References

CVE-2016-6211

Related Vulnerabilities

MediaWiki Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2022-34750)

Oracle Database Server CVE-2011-2240 Vulnerability (CVE-2011-2240)

VirtueMart access control bypass

WordPress 5.4.x PHP Object Injection (5.4 - 5.4.5)

PostgreSQL Incorrect Authorization Vulnerability (CVE-2018-10925)

Severity

High

Classification

CVE-2016-6211 CWE-264 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities