8.5

CVE-2016-3168

The System module in Drupal 6.x before 6.38 and 7.x before 7.43 might allow remote attackers to hijack the authentication of site administrators for requests that download and run files with arbitrary JSON-encoded content, aka a "reflected file download vulnerability."

Data is provided by the National Vulnerability Database (NVD)
DrupalDrupal Version6.0
DrupalDrupal Version6.0 Updatebeta1
DrupalDrupal Version6.0 Updatebeta2
DrupalDrupal Version6.0 Updatebeta3
DrupalDrupal Version6.0 Updatebeta4
DrupalDrupal Version6.0 Updatedev
DrupalDrupal Version6.0 Updaterc1
DrupalDrupal Version6.0 Updaterc2
DrupalDrupal Version6.0 Updaterc3
DrupalDrupal Version6.0 Updaterc4
DrupalDrupal Version6.1
DrupalDrupal Version6.2
DrupalDrupal Version6.3
DrupalDrupal Version6.4
DrupalDrupal Version6.5
DrupalDrupal Version6.6
DrupalDrupal Version6.7
DrupalDrupal Version6.8
DrupalDrupal Version6.9
DrupalDrupal Version6.10
DrupalDrupal Version6.11
DrupalDrupal Version6.12
DrupalDrupal Version6.13
DrupalDrupal Version6.14
DrupalDrupal Version6.15
DrupalDrupal Version6.16
DrupalDrupal Version6.17
DrupalDrupal Version6.18
DrupalDrupal Version6.19
DrupalDrupal Version6.20
DrupalDrupal Version6.21
DrupalDrupal Version6.22
DrupalDrupal Version6.23
DrupalDrupal Version6.24
DrupalDrupal Version6.25
DrupalDrupal Version6.26
DrupalDrupal Version6.27
DrupalDrupal Version6.28
DrupalDrupal Version6.29
DrupalDrupal Version6.30
DrupalDrupal Version6.31
DrupalDrupal Version6.32
DrupalDrupal Version6.33
DrupalDrupal Version6.34
DrupalDrupal Version6.35
DrupalDrupal Version6.36
DrupalDrupal Version6.37
DrupalDrupal Version7.0
DrupalDrupal Version7.0 Updatealpha1
DrupalDrupal Version7.0 Updatealpha2
DrupalDrupal Version7.0 Updatealpha3
DrupalDrupal Version7.0 Updatealpha4
DrupalDrupal Version7.0 Updatealpha5
DrupalDrupal Version7.0 Updatealpha6
DrupalDrupal Version7.0 Updatealpha7
DrupalDrupal Version7.0 Updatebeta1
DrupalDrupal Version7.0 Updatebeta2
DrupalDrupal Version7.0 Updatebeta3
DrupalDrupal Version7.0 Updatedev
DrupalDrupal Version7.0 Updaterc1
DrupalDrupal Version7.0 Updaterc2
DrupalDrupal Version7.0 Updaterc3
DrupalDrupal Version7.0 Updaterc4
DrupalDrupal Version7.1
DrupalDrupal Version7.2
DrupalDrupal Version7.3
DrupalDrupal Version7.4
DrupalDrupal Version7.5
DrupalDrupal Version7.6
DrupalDrupal Version7.7
DrupalDrupal Version7.8
DrupalDrupal Version7.9
DrupalDrupal Version7.10
DrupalDrupal Version7.11
DrupalDrupal Version7.12
DrupalDrupal Version7.13
DrupalDrupal Version7.14
DrupalDrupal Version7.15
DrupalDrupal Version7.16
DrupalDrupal Version7.17
DrupalDrupal Version7.18
DrupalDrupal Version7.19
DrupalDrupal Version7.20
DrupalDrupal Version7.21
DrupalDrupal Version7.22
DrupalDrupal Version7.23
DrupalDrupal Version7.24
DrupalDrupal Version7.25
DrupalDrupal Version7.26
DrupalDrupal Version7.27
DrupalDrupal Version7.28
DrupalDrupal Version7.29
DrupalDrupal Version7.30
DrupalDrupal Version7.31
DrupalDrupal Version7.32
DrupalDrupal Version7.33
DrupalDrupal Version7.34
DrupalDrupal Version7.35
DrupalDrupal Version7.36
DrupalDrupal Version7.37
DrupalDrupal Version7.38
DrupalDrupal Version7.40
DrupalDrupal Version7.41
DrupalDrupal Version7.42
DrupalDrupal Version7.x-dev
DebianDebian Linux Version7.0
DebianDebian Linux Version8.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.54% 0.666
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.4 0.5 5.9
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 8.5 6.8 10
AV:N/AC:M/Au:S/C:C/I:C/A:C