Cookie Consent by Free Privacy Policy Generator website CVE-2016-7572 | Drupal up to 8.1.9 Configuration Export system.temporary access control (Nessus ID 94051 / ID 11691) u

Portal Nachrichten

WIRKLICH FIXED: RSS feeds abonnieren!!!


➠ CVE-2016-7572 | Drupal up to 8.1.9 Configuration Export system.temporary access control (Nessus ID 94051 / ID 11691)

A vulnerability was found in Drupal up to 8.1.9. It has been classified as problematic. Affected is the function system.temporary of the component Configuration Export Handler. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2016-7572. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component....


➦ Sicherheitslücken / Exploits ☆ vuldb.com

➠ Komplette Nachricht lesen


Zur Startseite

➤ Ähnliche Beiträge für 'CVE-2016-7572 | Drupal up to 8.1.9 Configuration Export system.temporary access control (Nessus ID 94051 / ID 11691)'

Improper input validation in Drupal core form

vom 2250.79 Punkte
Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in

[SA-CORE-2021-002] Extended XSS attribute sanitize filter to prevent cross-site scripting

vom 1851.59 Punkte
Drupal core's sanitize API failed to properly filter cross-site scripting under certain circumstances. This vulnerability affects the following application versions: Drupal 7.0 Drupal 7.1

Access bypass - SA-CORE-2022-013

vom 1763.82 Punkte
Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to. No forms provided by Drupal core are known to be vulnerable. However, fo

Access bypass - SA-CORE-2022-013

vom 1763.82 Punkte
Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to. No forms provided by Drupal core are known to be vulnerable. However, fo

Multiple vulnerabilities - SA-CORE-2022-016

vom 1651.52 Punkte
Official Description: Multiple vulnerabilities are possible if an untrusted user has access to write Twig code, including potential unauthorized read access to private files, the contents of other files on the server, or database credentials. Thi

[SA-CORE-2020-012] Remote code execution

vom 1647.75 Punkte
Drupal core did not properly sanitize certain filenames on uploaded files, which could lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. This vulnerabi

Improper input validation - SA-CORE-2022-008

vom 1630.76 Punkte
Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in

Information disclosure in Quick Edit module

vom 1534.49 Punkte
The Quick Edit module does not properly check entity access in some circumstances. This could result in users with the "access in-place editing" permission viewing some content they are are not authorized to access. This vulnerability affects the follo

[SA-CORE-2020-004] Cross Site Request Forgery

vom 1477.88 Punkte
The Drupal core Form API didn't properly handle certain form input from cross-site requests, which could lead to other vulnerabilities. This vulnerability affects the following application versions: Drupal 7.0 Drupal 7.1

[SA-CORE-2019-004] Cross Site Scripting in the File module/subsystem

vom 1460.89 Punkte
Under certain circumstances the File module/subsystem allowed a malicious user to upload a file that could trigger a cross-site scripting (XSS) vulnerability. Part of security release SA-CORE-2019-004 This vulnerability affects the following app

[SA-CORE-2021-009] Access bypass

vom 1380.49 Punkte
The QuickEdit module does not properly check access to fields in some circumstances, which can lead to unintended disclosure of field data. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed. CVE-2020-13676 This vulnerability

[SA-CORE-2021-007] Cross Site Request Forgery

vom 1380.49 Punkte
The QuickEdit module does not properly validate access to routes, which could allow cross-site request forgery under some circumstances and lead to possible data integrity issues. Sites are only affected if the QuickEdit module (which comes with the S

Team Security Diskussion über CVE-2016-7572 | Drupal up to 8.1.9 Configuration Export system.temporary access control (Nessus ID 94051 / ID 11691)