Description

The User module in Drupal 7.x before 7.44 allows remote authenticated users to gain privileges via vectors involving contributed or custom code that triggers a rebuild of the user profile form.

Remediation

References

CVE-2016-6211

Related Vulnerabilities

ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-4397)

WordPress 6.5.x Multiple Vulnerabilities (6.5 - 6.5.4)

WordPress Plugin GigPress SQL Injection (2.3.28)

WordPress Plugin Spam protection, AntiSpam, FireWall by CleanTalk SQL Injection (5.185)

WordPress Plugin WordPress Backup and Migrate-Backup Guard Unspecified Vulnerability (1.0.6)

Severity

High

Classification

CVE-2016-6211 CWE-264 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities