Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2016-7572HistoryOct 03, 2016 - 6:59 p.m.
CVE-2016-7572
2016-10-0318:59:00
Debian Security Bug Tracker
security-tracker.debian.org
4
0.001 Low
EPSS
Percentile
42.3%
The system.temporary route in Drupal 8.x before 8.1.10 does not properly check for “Export configuration” permission, which allows remote authenticated users to bypass intended access restrictions and read a full config export via unspecified vectors.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 9 | all | drupal7 | < 7.52-2+deb9u11 | drupal7_7.52-2+deb9u11_all.deb |
Related
prion
prion
Code injection
2016-10-03 18:59:00
ubuntucve
ubuntucve
CVE-2016-7572
2016-10-03 00:00:00
friendsofphp
friendsofphp
Full config export can be downloaded without administrative permissions
2016-09-21 18:39:00
Full config export can be downloaded without administrative permissions
2016-09-21 18:39:00
cve
cve
CVE-2016-7572
2016-10-03 18:59:18
osv
osv
Drupal Unprivileged access to config export
2022-05-17 03:47:57
github
github
Drupal Unprivileged access to config export
2022-05-17 03:47:57
checkpoint_advisories
checkpoint_advisories
Drupal Sensitive Core Files Information Disclosure (CVE-2016-7572)
2016-10-06 00:00:00
nvd
nvd
CVE-2016-7572
2016-10-03 18:59:18
cvelist
cvelist
CVE-2016-7572
2016-10-03 18:00:00
drupal
drupal
Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2016-004
2016-09-21 00:00:00
openvas
openvas
Drupal Multiple Vulnerabilities (SA-CORE-2016-004) - Linux
2016-10-07 00:00:00
Drupal Multiple Vulnerabilities (SA-CORE-2016-004) - Windows
2016-10-07 00:00:00
nessus
nessus
Drupal 8.x < 8.1.10 Multiple Vulnerabilities
2018-11-05 00:00:00
Drupal 8.x < 8.1.10 Multiple Vulnerabilities
2016-10-13 00:00:00
Drupal 8.2.x < 8.2.0-rc2 Multiple Vulnerabilities
2018-11-05 00:00:00