Lucene search
GoogleOSV:GHSA-FMQH-2J2X-VGP3HistoryMay 17, 2022 - 3:47 a.m.
Drupal Unprivileged access to config export
2022-05-1703:47:57
Google
osv.dev
3
The system.temporary route in Drupal 8.x before 8.1.10 does not properly check for “Export configuration” permission, which allows remote authenticated users to bypass intended access restrictions and read a full config export via unspecified vectors.
References
www.securityfocus.com/bid/93101
www.securitytracker.com/id/1036886
github.com/drupal/core
github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-7572.yaml
github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-7572.yaml
nvd.nist.gov/vuln/detail/CVE-2016-7572
www.drupal.org/SA-CORE-2016-004
Related
prion
prion
Code injection
2016-10-03 18:59:00
ubuntucve
ubuntucve
CVE-2016-7572
2016-10-03 00:00:00
friendsofphp
friendsofphp
Full config export can be downloaded without administrative permissions
2016-09-21 18:39:00
Full config export can be downloaded without administrative permissions
2016-09-21 18:39:00
cve
cve
CVE-2016-7572
2016-10-03 18:59:18
checkpoint_advisories
checkpoint_advisories
Drupal Sensitive Core Files Information Disclosure (CVE-2016-7572)
2016-10-06 00:00:00
nvd
nvd
CVE-2016-7572
2016-10-03 18:59:18
debiancve
debiancve
CVE-2016-7572
2016-10-03 18:59:00
cvelist
cvelist
CVE-2016-7572
2016-10-03 18:00:00
github
github
Drupal Unprivileged access to config export
2022-05-17 03:47:57
drupal
drupal
Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2016-004
2016-09-21 00:00:00
nessus
nessus
Drupal 8.2.x < 8.2.0-rc2 Multiple Vulnerabilities
2018-11-05 00:00:00
Drupal 8.1.x < 8.1.10 Multiple Vulnerabilities
2016-10-28 00:00:00
Drupal 8.x < 8.1.10 Multiple Vulnerabilities
2018-11-05 00:00:00
openvas
openvas
Drupal Multiple Vulnerabilities (SA-CORE-2016-004) - Linux
2016-10-07 00:00:00
Drupal Multiple Vulnerabilities (SA-CORE-2016-004) - Windows
2016-10-07 00:00:00