Description

The User module in Drupal 7.x before 7.44 allows remote authenticated users to gain privileges via vectors involving contributed or custom code that triggers a rebuild of the user profile form.

Remediation

References

CVE-2016-6211

Related Vulnerabilities

WordPress Plugin Total Security Multiple Vulnerabilities (3.4)

MySQL CVE-2012-3173 Vulnerability (CVE-2012-3173)

Perl Numeric Errors Vulnerability (CVE-2013-7422)

WordPress Plugin Facebook Page Photo Gallery Cross-Site Scripting (2.0.9)

WordPress Plugin WP-Members Membership Cross-Site Scripting (3.4.9.2)

Severity

High

Classification

CVE-2016-6211 CWE-264 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities