CVE Vulnerabilities

CVE-2016-6211

Published: Sep 09, 2016 | Modified: Nov 28, 2016
CVSS 3.x
8.8
HIGH
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
6.5 MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

The User module in Drupal 7.x before 7.44 allows remote authenticated users to gain privileges via vectors involving contributed or custom code that triggers a rebuild of the user profile form.

Affected Software

Name Vendor Start Version End Version
Drupal Drupal 7.0 7.0
Drupal Drupal 7.0 7.0
Drupal Drupal 7.0 7.0
Drupal Drupal 7.39 7.39
Drupal Drupal 7.40 7.40
Drupal Drupal 7.16 7.16
Drupal Drupal 7.21 7.21
Drupal Drupal 7.0 7.0
Drupal Drupal 7.18 7.18
Drupal Drupal 7.15 7.15
Drupal Drupal 7.0 7.0
Drupal Drupal 7.38 7.38
Drupal Drupal 7.41 7.41
Drupal Drupal 7.0 7.0
Drupal Drupal 7.0 7.0
Drupal Drupal 7.0 7.0
Drupal Drupal 7.3 7.3
Drupal Drupal 7.17 7.17
Drupal Drupal 7.8 7.8
Drupal Drupal 7.0 7.0
Drupal Drupal 7.13 7.13
Drupal Drupal 7.35 7.35
Drupal Drupal 7.20 7.20
Drupal Drupal 7.5 7.5
Drupal Drupal 7.10 7.10
Drupal Drupal 7.30 7.30
Drupal Drupal 7.27 7.27
Drupal Drupal 7.6 7.6
Drupal Drupal 7.12 7.12
Drupal Drupal 7.34 7.34
Drupal Drupal 7.9 7.9
Drupal Drupal 7.0 7.0
Drupal Drupal 7.0 7.0
Drupal Drupal 7.4 7.4
Drupal Drupal 7.x-dev 7.x-dev
Drupal Drupal 7.28 7.28
Drupal Drupal 7.22 7.22
Drupal Drupal 7.0 7.0
Drupal Drupal 7.11 7.11
Drupal Drupal 7.33 7.33
Drupal Drupal 7.0 7.0
Drupal Drupal 7.19 7.19
Drupal Drupal 7.25 7.25
Drupal Drupal 7.0 7.0
Drupal Drupal 7.32 7.32
Drupal Drupal 7.24 7.24
Drupal Drupal 7.14 7.14
Drupal Drupal 7.23 7.23
Drupal Drupal 7.26 7.26
Drupal Drupal 7.0 7.0
Drupal Drupal 7.29 7.29
Drupal Drupal 7.1 7.1
Drupal Drupal 7.31 7.31
Drupal Drupal 7.7 7.7
Drupal Drupal 7.0 7.0
Drupal Drupal 7.2 7.2
Drupal Drupal 7.37 7.37
Drupal Drupal 7.42 7.42
Drupal Drupal 7.43 7.43
Drupal Drupal 7.36 7.36

References