8.2 High
AI Score
Confidence
High
0.005 Low
EPSS
Percentile
75.8%
The User module in Drupal 6.x before 6.38 and 7.x before 7.43 allows remote attackers to gain privileges by leveraging contributed or custom code that calls the user_save function with an explicit category and loads all roles into the array.
www.debian.org/security/2016/dsa-3498
www.openwall.com/lists/oss-security/2016/02/24/19
www.openwall.com/lists/oss-security/2016/03/15/10
www.drupal.org/SA-CORE-2016-001