CVE-2016-3162

Source
https://cve.org/CVERecord?id=CVE-2016-3162
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-3162.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-3162
Aliases
Downstream
Published
2016-04-12T15:59:00.117Z
Modified
2026-07-08T05:49:08.218144040Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
Summary
[none]
Details

The File module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allows remote authenticated users to bypass access restrictions and read, delete, or substitute a link to a file uploaded to an unprocessed form by leveraging permission to create content or comment and upload files.

Database specific
{
    "unresolved_ranges": [
        {
            "cpes": [
                "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
            ],
            "vendor_product": "debian:debian_linux",
            "extracted_events": [
                {
                    "introduced": "7.0"
                },
                {
                    "last_affected": "7.0"
                },
                {
                    "introduced": "8.0"
                },
                {
                    "last_affected": "8.0"
                }
            ],
            "source": "CPE_STRING"
        },
        {
            "cpes": [
                "cpe:2.3:a:drupal:drupal:7.0:rc1:*:*:*:*:*:*",
                "cpe:2.3:a:drupal:drupal:7.0:rc2:*:*:*:*:*:*",
                "cpe:2.3:a:drupal:drupal:7.0:rc3:*:*:*:*:*:*",
                "cpe:2.3:a:drupal:drupal:7.0:rc4:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "introduced": "7.0-rc1"
                },
                {
                    "last_affected": "7.0-rc1"
                },
                {
                    "introduced": "7.0-rc2"
                },
                {
                    "last_affected": "7.0-rc2"
                },
                {
                    "introduced": "7.0-rc3"
                },
                {
                    "last_affected": "7.0-rc3"
                },
                {
                    "introduced": "7.0-rc4"
                },
                {
                    "last_affected": "7.0-rc4"
                }
            ],
            "vendor_product": "drupal:drupal",
            "source": "CPE_STRING"
        }
    ]
}
References

Affected packages

Git / github.com/drupal/drupal

Affected ranges

Type
GIT
Repo
https://github.com/drupal/drupal
Events
Database specific
{
    "cpe": [
        "cpe:2.3:a:drupal:drupal:7.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:7.0:dev:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:7.x-dev:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:7.0:alpha1:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:7.0:alpha2:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:7.0:alpha3:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:7.0:alpha4:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:7.0:alpha5:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:7.0:alpha6:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:7.0:alpha7:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:7.0:beta1:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:7.0:beta2:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:7.0:beta3:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:7.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:7.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:7.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:7.4:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:7.5:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:7.6:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:7.7:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:7.8:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:7.9:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:7.10:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:7.11:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:7.12:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:7.13:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:7.14:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:7.15:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:7.16:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:7.17:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:7.18:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:7.19:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:7.20:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:7.21:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:7.22:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:7.23:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:7.24:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:7.25:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:7.26:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:7.27:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:7.28:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:7.29:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:7.30:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:7.31:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:7.32:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:7.33:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:7.34:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:7.35:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:7.36:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:7.37:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:7.38:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:7.40:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:7.41:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:8.0.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:8.0.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:8.0.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:drupal:drupal:8.0.3:*:*:*:*:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "7.0"
        },
        {
            "last_affected": "7.0"
        },
        {
            "introduced": "7.0-dev"
        },
        {
            "last_affected": "7.0-dev"
        },
        {
            "introduced": "7.x-dev"
        },
        {
            "last_affected": "7.x-dev"
        },
        {
            "introduced": "7.0-alpha1"
        },
        {
            "last_affected": "7.0-alpha1"
        },
        {
            "introduced": "7.0-alpha2"
        },
        {
            "last_affected": "7.0-alpha2"
        },
        {
            "introduced": "7.0-alpha3"
        },
        {
            "last_affected": "7.0-alpha3"
        },
        {
            "introduced": "7.0-alpha4"
        },
        {
            "last_affected": "7.0-alpha4"
        },
        {
            "introduced": "7.0-alpha5"
        },
        {
            "last_affected": "7.0-alpha5"
        },
        {
            "introduced": "7.0-alpha6"
        },
        {
            "last_affected": "7.0-alpha6"
        },
        {
            "introduced": "7.0-alpha7"
        },
        {
            "last_affected": "7.0-alpha7"
        },
        {
            "introduced": "7.0-beta1"
        },
        {
            "last_affected": "7.0-beta1"
        },
        {
            "introduced": "7.0-beta2"
        },
        {
            "last_affected": "7.0-beta2"
        },
        {
            "introduced": "7.0-beta3"
        },
        {
            "last_affected": "7.0-beta3"
        },
        {
            "introduced": "7.1"
        },
        {
            "last_affected": "7.1"
        },
        {
            "introduced": "7.2"
        },
        {
            "last_affected": "7.2"
        },
        {
            "introduced": "7.3"
        },
        {
            "last_affected": "7.3"
        },
        {
            "introduced": "7.4"
        },
        {
            "last_affected": "7.4"
        },
        {
            "introduced": "7.5"
        },
        {
            "last_affected": "7.5"
        },
        {
            "introduced": "7.6"
        },
        {
            "last_affected": "7.6"
        },
        {
            "introduced": "7.7"
        },
        {
            "last_affected": "7.7"
        },
        {
            "introduced": "7.8"
        },
        {
            "last_affected": "7.8"
        },
        {
            "introduced": "7.9"
        },
        {
            "last_affected": "7.9"
        },
        {
            "introduced": "7.10"
        },
        {
            "last_affected": "7.10"
        },
        {
            "introduced": "7.11"
        },
        {
            "last_affected": "7.11"
        },
        {
            "introduced": "7.12"
        },
        {
            "last_affected": "7.12"
        },
        {
            "introduced": "7.13"
        },
        {
            "last_affected": "7.13"
        },
        {
            "introduced": "7.14"
        },
        {
            "last_affected": "7.14"
        },
        {
            "introduced": "7.15"
        },
        {
            "last_affected": "7.15"
        },
        {
            "introduced": "7.16"
        },
        {
            "last_affected": "7.16"
        },
        {
            "introduced": "7.17"
        },
        {
            "last_affected": "7.17"
        },
        {
            "introduced": "7.18"
        },
        {
            "last_affected": "7.18"
        },
        {
            "introduced": "7.19"
        },
        {
            "last_affected": "7.19"
        },
        {
            "introduced": "7.20"
        },
        {
            "last_affected": "7.20"
        },
        {
            "introduced": "7.21"
        },
        {
            "last_affected": "7.21"
        },
        {
            "introduced": "7.22"
        },
        {
            "last_affected": "7.22"
        },
        {
            "introduced": "7.23"
        },
        {
            "last_affected": "7.23"
        },
        {
            "introduced": "7.24"
        },
        {
            "last_affected": "7.24"
        },
        {
            "introduced": "7.25"
        },
        {
            "last_affected": "7.25"
        },
        {
            "introduced": "7.26"
        },
        {
            "last_affected": "7.26"
        },
        {
            "introduced": "7.27"
        },
        {
            "last_affected": "7.27"
        },
        {
            "introduced": "7.28"
        },
        {
            "last_affected": "7.28"
        },
        {
            "introduced": "7.29"
        },
        {
            "last_affected": "7.29"
        },
        {
            "introduced": "7.30"
        },
        {
            "last_affected": "7.30"
        },
        {
            "introduced": "7.31"
        },
        {
            "last_affected": "7.31"
        },
        {
            "introduced": "7.32"
        },
        {
            "last_affected": "7.32"
        },
        {
            "introduced": "7.33"
        },
        {
            "last_affected": "7.33"
        },
        {
            "introduced": "7.34"
        },
        {
            "last_affected": "7.34"
        },
        {
            "introduced": "7.35"
        },
        {
            "last_affected": "7.35"
        },
        {
            "introduced": "7.36"
        },
        {
            "last_affected": "7.36"
        },
        {
            "introduced": "7.37"
        },
        {
            "last_affected": "7.37"
        },
        {
            "introduced": "7.38"
        },
        {
            "last_affected": "7.38"
        },
        {
            "introduced": "7.40"
        },
        {
            "last_affected": "7.40"
        },
        {
            "introduced": "7.41"
        },
        {
            "last_affected": "7.41"
        },
        {
            "introduced": "8.0.0"
        },
        {
            "last_affected": "8.0.0"
        },
        {
            "introduced": "8.0.1"
        },
        {
            "last_affected": "8.0.1"
        },
        {
            "introduced": "8.0.2"
        },
        {
            "last_affected": "8.0.2"
        },
        {
            "introduced": "8.0.3"
        },
        {
            "last_affected": "8.0.3"
        }
    ],
    "source": "CPE_STRING"
}

Affected versions

7.*
7.0
7.0-alpha1
7.0-alpha2
7.0-alpha3
7.0-alpha4
7.0-alpha5
7.0-alpha6
7.0-alpha7
7.0-beta1
7.0-beta2
7.0-beta3
7.1
7.10
7.11
7.12
7.13
7.14
7.15
7.16
7.17
7.18
7.19
7.2
7.20
7.21
7.22
7.23
7.24
7.25
7.26
7.27
7.28
7.29
7.3
7.30
7.31
7.32
7.33
7.34
7.35
7.36
7.37
7.38
7.4
7.40
7.41
7.5
7.6
7.7
7.8
7.9
8.*
8.0-alpha10
8.0-alpha11
8.0-alpha12
8.0-alpha13
8.0-alpha2
8.0-alpha3
8.0-alpha4
8.0-alpha5
8.0-alpha6
8.0-alpha7
8.0-alpha8
8.0-alpha9
8.0.0
8.0.0-alpha14
8.0.0-alpha15
8.0.0-beta1
8.0.0-beta10
8.0.0-beta11
8.0.0-beta12
8.0.0-beta13
8.0.0-beta14
8.0.0-beta15
8.0.0-beta16
8.0.0-beta2
8.0.0-beta3
8.0.0-beta4
8.0.0-beta5
8.0.0-beta6
8.0.0-beta7
8.0.0-beta9
8.0.0-rc1
8.0.0-rc2
8.0.0-rc3
8.0.0-rc4
8.0.1
8.0.2
8.0.3

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-3162.json"