Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2016-3162

🗓️ 12 Apr 2016 15:59:00Reported by [email protected]Type 
nvd
 nvd🔗 web.nvd.nist.gov👁 17 Views

The File module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allows remote authenticated users to bypass access restrictions and read, delete, or substitute a link to a file uploaded to an unprocessed form by leveraging permission to create content or comment and upload files

Related
Detection
Refs
ReporterTitlePublishedViews
Family
CNVD		Multiple vulnerabilities in Drupal Core File module
29 Mar 201600:00
cnvd
CVE		CVE-2016-3162
12 Apr 201615:00
cve
Cvelist		CVE-2016-3162
12 Apr 201615:00
cvelist
Debian CVE		CVE-2016-3162
12 Apr 201615:00
debiancve
Tenable Nessus		Debian DSA-3498-1 : drupal7 - security update
29 Feb 201600:00
nessus
Tenable Nessus		Drupal 7.x < 7.43 Multiple Vulnerabilities
4 Mar 201600:00
nessus
Tenable Nessus		Linux Distros Unpatched Vulnerability : CVE-2016-3162
7 Aug 202500:00
nessus
EUVD		EUVD-2022-5465
3 Oct 202520:07
euvd
Friends Of PHP		File upload access bypass and denial of service
15 Feb 201618:57
friendsofphp
Friends Of PHP		File upload access bypass and denial of service
15 Feb 201618:57
friendsofphp
Rows per page
NVD
Node
drupaldrupalMatch7.0
OR
drupaldrupalMatch7.0alpha1
OR
drupaldrupalMatch7.0alpha2
OR
drupaldrupalMatch7.0alpha3
OR
drupaldrupalMatch7.0alpha4
OR
drupaldrupalMatch7.0alpha5
OR
drupaldrupalMatch7.0alpha6
OR
drupaldrupalMatch7.0alpha7
OR
drupaldrupalMatch7.0beta1
OR
drupaldrupalMatch7.0beta2
OR
drupaldrupalMatch7.0beta3
OR
drupaldrupalMatch7.0dev
OR
drupaldrupalMatch7.0rc1
OR
drupaldrupalMatch7.0rc2
OR
drupaldrupalMatch7.0rc3
OR
drupaldrupalMatch7.0rc4
OR
drupaldrupalMatch7.1
OR
drupaldrupalMatch7.2
OR
drupaldrupalMatch7.3
OR
drupaldrupalMatch7.4
OR
drupaldrupalMatch7.5
OR
drupaldrupalMatch7.6
OR
drupaldrupalMatch7.7
OR
drupaldrupalMatch7.8
OR
drupaldrupalMatch7.9
OR
drupaldrupalMatch7.10
OR
drupaldrupalMatch7.11
OR
drupaldrupalMatch7.12
OR
drupaldrupalMatch7.13
OR
drupaldrupalMatch7.14
OR
drupaldrupalMatch7.15
OR
drupaldrupalMatch7.16
OR
drupaldrupalMatch7.17
OR
drupaldrupalMatch7.18
OR
drupaldrupalMatch7.19
OR
drupaldrupalMatch7.20
OR
drupaldrupalMatch7.21
OR
drupaldrupalMatch7.22
OR
drupaldrupalMatch7.23
OR
drupaldrupalMatch7.24
OR
drupaldrupalMatch7.25
OR
drupaldrupalMatch7.26
OR
drupaldrupalMatch7.27
OR
drupaldrupalMatch7.28
OR
drupaldrupalMatch7.29
OR
drupaldrupalMatch7.30
OR
drupaldrupalMatch7.31
OR
drupaldrupalMatch7.32
OR
drupaldrupalMatch7.33
OR
drupaldrupalMatch7.34
OR
drupaldrupalMatch7.35
OR
drupaldrupalMatch7.36
OR
drupaldrupalMatch7.37
OR
drupaldrupalMatch7.38
OR
drupaldrupalMatch7.40
OR
drupaldrupalMatch7.41
OR
drupaldrupalMatch7.x-dev
OR
drupaldrupalMatch8.0.0
OR
drupaldrupalMatch8.0.1
OR
drupaldrupalMatch8.0.2
OR
drupaldrupalMatch8.0.3
Node
debiandebian_linuxMatch7.0
OR
debiandebian_linuxMatch8.0

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
06 May 2026 22:30Current
7.7High risk
Vulners AI Score7.7
CVSS 26.5
CVSS 38.1
EPSS0.00294
CWE-284
drupal 7.xdrupal 8.xremote usersauthenticatedaccess restrictionsfile modulebypassreaddeletesubstitutelinkuploaded fileunprocessed formpermissioncreate contentcommentupload.
17