Lucene search
PRIOn knowledge basePRION:CVE-2016-7572HistoryOct 03, 2016 - 6:59 p.m.
Code injection
2016-10-0318:59:00
PRIOn knowledge base
www.prio-n.com
1
The system.temporary route in Drupal 8.x before 8.1.10 does not properly check for “Export configuration” permission, which allows remote authenticated users to bypass intended access restrictions and read a full config export via unspecified vectors.
| CPE | Name | Operator | Version |
|---|---|---|---|
| drupal | eq | 8.0.0 alpha9 | |
| drupal | eq | 8.0.0 beta12 | |
| drupal | eq | 8.0.0 beta15 | |
| drupal | eq | 8.1.0 rc1 | |
| drupal | eq | 8.0.0 beta3 | |
| drupal | eq | 8.0.0 alpha11 | |
| drupal | eq | 8.0.0 rc1 | |
| drupal | eq | 8.0.0 beta16 | |
| drupal | eq | 8.0.0 alpha4 | |
| drupal | eq | 8.1.2 |
Related
ubuntucve
ubuntucve
CVE-2016-7572
2016-10-03 00:00:00
friendsofphp
friendsofphp
Full config export can be downloaded without administrative permissions
2016-09-21 18:39:00
Full config export can be downloaded without administrative permissions
2016-09-21 18:39:00
cve
cve
CVE-2016-7572
2016-10-03 18:59:18
osv
osv
Drupal Unprivileged access to config export
2022-05-17 03:47:57
github
github
Drupal Unprivileged access to config export
2022-05-17 03:47:57
debiancve
debiancve
CVE-2016-7572
2016-10-03 18:59:00
checkpoint_advisories
checkpoint_advisories
Drupal Sensitive Core Files Information Disclosure (CVE-2016-7572)
2016-10-06 00:00:00
nvd
nvd
CVE-2016-7572
2016-10-03 18:59:18
cvelist
cvelist
CVE-2016-7572
2016-10-03 18:00:00
drupal
drupal
Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2016-004
2016-09-21 00:00:00
openvas
openvas
Drupal Multiple Vulnerabilities (SA-CORE-2016-004) - Windows
2016-10-07 00:00:00
Drupal Multiple Vulnerabilities (SA-CORE-2016-004) - Linux
2016-10-07 00:00:00
nessus
nessus
Drupal 8.x < 8.1.10 Multiple Vulnerabilities
2018-11-05 00:00:00
Drupal 8.x < 8.1.10 Multiple Vulnerabilities
2016-10-13 00:00:00
Drupal 8.2.x < 8.2.0-rc2 Multiple Vulnerabilities
2018-11-05 00:00:00