Description
Drupal: Saving user accounts can sometimes grant the user all roles
The User module in Drupal 7.x before 7.44 allows remote authenticated users to gain privileges via vectors involving contributed or custom code that triggers a rebuild of the user profile form.
References
- https://nvd.nist.gov/vuln/detail/CVE-2016-6211
- https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-6211.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-6211.yaml
- https://www.drupal.org/SA-CORE-2016-002
- http://www.debian.org/security/2016/dsa-3604
- http://www.openwall.com/lists/oss-security/2016/07/13/4
- http://www.openwall.com/lists/oss-security/2016/07/13/7
- http://www.securityfocus.com/bid/91230
Packages
- drupal/core: affected versions >= 7.0, < 7.44; fixed in 7.44
- drupal/drupal: affected versions >= 7.0, < 7.44; fixed in 7.44