CVE-2016-3188

The prepopulaterequestwalk function in the Prepopulate module 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to modify the 1 actions, 2 container, 3 token, 4 password, 5 passwordconfirm, 6 textformat, or 7 markup field type, and consequently have unspecified impact, via unspecified...

Drupal Prepopulate module security bypass vulnerability (CNVD-2016-01737)

Drupal is a free, open-source content management system developed in PHP and maintained by the Drupal community. prepopulate is one of the prepopulated field modules. A security vulnerability exists in Drupal Prepopulate due to the program's failure to restrict users from overriding any portion o...