Vulnerability Database

290,206

Total vulnerabilities in the database

CVE-2016-3169

The User module in Drupal 6.x before 6.38 and 7.x before 7.43 allows remote attackers to gain privileges by leveraging contributed or custom code that calls the user_save function with an explicit category and loads all roles into the array.

  • Published: Apr 12, 2016
  • Updated: Apr 13, 2023
  • CVE: CVE-2016-3169
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 8.1
  • AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

  • Severity: Medium
  • Score: 6.8
  • AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

Software From Fixed in
debian / debian_linux 8.0 8.0.x
debian / debian_linux 7.0 7.0.x
drupal / drupal 7.0-alpha5 7.0-alpha5.x
drupal / drupal 7.0-dev 7.0-dev.x
drupal / drupal 7.0-alpha7 7.0-alpha7.x
drupal / drupal 6.0-beta2 6.0-beta2.x
drupal / drupal 6.33 6.33.x
drupal / drupal 7.40 7.40.x
drupal / drupal 7.16 7.16.x
drupal / drupal 6.0-rc2 6.0-rc2.x
drupal / drupal 7.21 7.21.x
drupal / drupal 6.2 6.2.x
drupal / drupal 7.0-rc2 7.0-rc2.x
drupal / drupal 7.18 7.18.x
drupal / drupal 7.15 7.15.x
drupal / drupal 7.0-rc4 7.0-rc4.x
drupal / drupal 6.14 6.14.x
drupal / drupal 7.38 7.38.x
drupal / drupal 6.24 6.24.x
drupal / drupal 6.13 6.13.x
drupal / drupal 6.0-dev 6.0-dev.x
drupal / drupal 6.25 6.25.x
drupal / drupal 6.18 6.18.x
drupal / drupal 7.41 7.41.x
drupal / drupal 7.0-beta2 7.0-beta2.x
drupal / drupal 7.0-rc3 7.0-rc3.x
drupal / drupal 7.0-alpha1 7.0-alpha1.x
drupal / drupal 6.0-beta4 6.0-beta4.x
drupal / drupal 7.3 7.3.x
drupal / drupal 6.12 6.12.x
drupal / drupal 6.32 6.32.x
drupal / drupal 7.17 7.17.x
drupal / drupal 7.8 7.8.x
drupal / drupal 7.0-alpha4 7.0-alpha4.x
drupal / drupal 7.13 7.13.x
drupal / drupal 7.35 7.35.x
drupal / drupal 6.0-rc3 6.0-rc3.x
drupal / drupal 7.20 7.20.x
drupal / drupal 6.0-rc4 6.0-rc4.x
drupal / drupal 6.4 6.4.x
drupal / drupal 7.5 7.5.x
drupal / drupal 6.11 6.11.x
drupal / drupal 7.10 7.10.x
drupal / drupal 7.30 7.30.x
drupal / drupal 7.27 7.27.x
drupal / drupal 7.6 7.6.x
drupal / drupal 7.12 7.12.x
drupal / drupal 6.0-beta1 6.0-beta1.x
drupal / drupal 7.34 7.34.x
drupal / drupal 6.36 6.36.x
drupal / drupal 7.9 7.9.x
drupal / drupal 7.0-rc1 7.0-rc1.x
drupal / drupal 6.35 6.35.x
drupal / drupal 6.26 6.26.x
drupal / drupal 7.0-beta3 7.0-beta3.x
drupal / drupal 6.30 6.30.x
drupal / drupal 7.4 7.4.x
drupal / drupal 7.x-dev 7.x-dev.x
drupal / drupal 6.7 6.7.x
drupal / drupal 7.28 7.28.x
drupal / drupal 7.22 7.22.x
drupal / drupal 6.22 6.22.x
drupal / drupal 7.0-alpha2 7.0-alpha2.x
drupal / drupal 6.8 6.8.x
drupal / drupal 6.27 6.27.x
drupal / drupal 6.19 6.19.x
drupal / drupal 7.11 7.11.x
drupal / drupal 7.33 7.33.x
drupal / drupal 6.1 6.1.x
drupal / drupal 6.28 6.28.x
drupal / drupal 6.21 6.21.x
drupal / drupal 7.0-alpha6 7.0-alpha6.x
drupal / drupal 7.19 7.19.x
drupal / drupal 6.17 6.17.x
drupal / drupal 6.5 6.5.x
drupal / drupal 7.25 7.25.x
drupal / drupal 7.0 7.0.x
drupal / drupal 7.32 7.32.x
drupal / drupal 7.24 7.24.x
drupal / drupal 6.31 6.31.x
drupal / drupal 6.10 6.10.x
drupal / drupal 7.14 7.14.x
drupal / drupal 7.23 7.23.x
drupal / drupal 7.26 7.26.x
drupal / drupal 7.0-beta1 7.0-beta1.x
drupal / drupal 6.23 6.23.x
drupal / drupal 6.6 6.6.x
drupal / drupal 7.29 7.29.x
drupal / drupal 6.0 6.0.x
drupal / drupal 7.1 7.1.x
drupal / drupal 7.31 7.31.x
drupal / drupal 6.15 6.15.x
drupal / drupal 6.0-beta3 6.0-beta3.x
drupal / drupal 6.16 6.16.x
drupal / drupal 7.7 7.7.x
drupal / drupal 6.34 6.34.x
drupal / drupal 7.0-alpha3 7.0-alpha3.x
drupal / drupal 6.3 6.3.x
drupal / drupal 7.2 7.2.x
drupal / drupal 6.0-rc1 6.0-rc1.x
drupal / drupal 6.29 6.29.x
drupal / drupal 7.37 7.37.x
drupal / drupal 7.42 7.42.x
drupal / drupal 6.37 6.37.x
drupal / drupal 6.20 6.20.x
drupal / drupal 7.36 7.36.x
drupal / drupal 6.9 6.9.x