cvedb.io
CVE-2016-3168
MEDIUM · CVSS 6.4
EPSS exploitation probability: 0%
Published 2016-04-12T15:59:05.963 · Last modified 2026-06-17T00:45:13.603

Summary

The System module in Drupal 6.x before 6.38 and 7.x before 7.43 might allow remote attackers to hijack the authentication of site administrators for requests that download and run files with arbitrary JSON-encoded content, aka a "reflected file download vulnerability."

Affected products

drupal — drupal

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.