2 matches found
CVE-2016-3188
The CVE-2016-3188 entry concerns Drupal’s Prepopulate module (7.x-2.x before 7.x-2.1). The flaw arises from the module failing to restrict users from overwriting arbitrary parts of $_REQUEST, enabling manipulation of fields such as actions, container, token, password, password_confirm, text_forma...
CVE-2016-3187
The CVE-2016-3187 issue affects the Drupal Prepopulate module (7.x-2.x) prior to 7.x-2.1. An attacker can modify the REQUEST superglobal via a base64-encoded pp parameter, with unspecified impact. The vulnerability is addressed by upgrading to Prepopulate 7.x-2.1 (DRUPAL-SA-CONTRIB-2016-009). Exp...