Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Drupal 7PK - Security Features Vulnerability - CVE-2016-3168 - Vulnerability Database
Drupal

Drupal 7PK - Security Features Vulnerability - CVE-2016-3168

Medium
Reference: CVE-2016-3168
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2016-3168
Title: Drupal 7PK - Security Features Vulnerability
Overview:

The System module in Drupal 6.x before 6.38 and 7.x before 7.43 might allow remote attackers to hijack the authentication of site administrators for requests that download and run files with arbitrary JSON-encoded content aka a quotreflected file download vulnerability.quot