Lucene search
GoogleOSV:GHSA-4GH5-3HQJ-X3PJHistoryMay 17, 2022 - 3:57 a.m.
Drupal Form API ignores access restrictions on submit buttons
2022-05-1703:57:19
Google
osv.dev
5
drupal
form api
access restrictions
The Form API in Drupal 6.x before 6.38 ignores access restrictions on submit buttons, which might allow remote attackers to bypass intended access restrictions by leveraging permission to submit a form with a button that has “#access” set to FALSE in the server-side form definition.
References
www.debian.org/security/2016/dsa-3498
www.openwall.com/lists/oss-security/2016/02/24/19
www.openwall.com/lists/oss-security/2016/03/15/10
github.com/drupal/core
github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-3165.yaml
github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-3165.yaml
nvd.nist.gov/vuln/detail/CVE-2016-3165
www.drupal.org/SA-CORE-2016-001
Related
ubuntucve
ubuntucve
CVE-2016-3165
2016-04-12 00:00:00
cvelist
cvelist
CVE-2016-3165
2016-04-12 15:00:00
prion
prion
Design/Logic Flaw
2016-04-12 15:59:00
friendsofphp
friendsofphp
Form API ignores access restrictions on submit buttons
2016-02-15 18:57:00
Form API ignores access restrictions on submit buttons
2016-02-15 18:57:00
cve
cve
CVE-2016-3165
2016-04-12 15:59:03
debiancve
debiancve
CVE-2016-3165
2016-04-12 15:59:00
nvd
nvd
CVE-2016-3165
2016-04-12 15:59:03
github
github
Drupal Form API ignores access restrictions on submit buttons
2022-05-17 03:57:19
openvas
openvas
Drupal 6.x < 6.38 Multiple Vulnerabilities (SA-CORE-2016-001) - Linux
2016-05-18 00:00:00
Drupal 6.x < 6.38 Multiple Vulnerabilities (SA-CORE-2016-001) - Windows
2016-05-18 00:00:00
drupal
drupal
Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2016-001
2016-02-24 00:00:00