CVE-2016-7572 | Drupal up to 8.1.9 Configuration Export system.temporary access control (Nessus ID 94051 / ID 11691)
A vulnerability was found in Drupal up to 8.1.9. It has been classified as problematic. Affected is the function system.temporary of the component Configuration Export Handler. The manipulation leads to improper access controls.
This vulnerability is traded as CVE-2016-7572. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component....
(2250.79 points) Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in
(1851.59 points) Drupal core's sanitize API failed to properly filter cross-site scripting under certain circumstances.
This vulnerability affects the following application versions:
Drupal 7.0
Drupal 7.1
(1763.82 points) Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to. No forms provided by Drupal core are known to be vulnerable. However, fo
(1651.52 points) Official Description: Multiple vulnerabilities are possible if an untrusted user has access to write Twig code, including potential unauthorized read access to private files, the contents of other files on the server, or database credentials.
Thi
(1647.75 points) Drupal core did not properly sanitize certain filenames on uploaded files, which could lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations.
This vulnerabi
(1630.76 points) Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in
(1534.49 points) The Quick Edit module does not properly check entity access in some circumstances. This could result in users with the "access in-place editing" permission viewing some content they are not authorized to access.
This vulnerability affects the follo
(1477.88 points) The Drupal core Form API didn't properly handle certain form input from cross-site requests, which could lead to other vulnerabilities.
This vulnerability affects the following application versions:
Drupal 7.0
Drupal 7.1
(1460.89 points)
Under certain circumstances the File module/subsystem allowed a malicious user to upload a file that could trigger a cross-site scripting (XSS) vulnerability.
Part of security release SA-CORE-2019-004
This vulnerability affects the following app
(1380.49 points) The QuickEdit module does not properly check access to fields in some circumstances, which can lead to unintended disclosure of field data.
Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed.
CVE-2020-13676
This vulnerability
(1380.49 points) The QuickEdit module does not properly validate access to routes, which could allow cross-site request forgery under some circumstances and lead to possible data integrity issues.
Sites are only affected if the QuickEdit module (which comes with the S