CVE-2016-3168
- Source
- https://cve.org/CVERecord?id=CVE-2016-3168
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-3168.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2016-3168
- Aliases
- Downstream
- Published
- 2016-04-12T15:59:05.963Z
- Modified
- 2026-04-11T12:01:07.786676Z
- Severity
-
- 6.4 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The System module in Drupal 6.x before 6.38 and 7.x before 7.43 might allow remote attackers to hijack the authentication of site administrators for requests that download and run files with arbitrary JSON-encoded content, aka a "reflected file download vulnerability."
- Database specific
{ "unresolved_ranges": [ { "cpe": "cpe:2.3:a:drupal:drupal:6.0:beta1:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "6.0-beta1" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:a:drupal:drupal:6.0:beta2:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "6.0-beta2" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:a:drupal:drupal:6.0:beta3:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "6.0-beta3" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:a:drupal:drupal:6.0:beta4:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "6.0-beta4" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:a:drupal:drupal:6.0:rc1:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "6.0-rc1" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:a:drupal:drupal:6.0:rc2:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "6.0-rc2" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:a:drupal:drupal:6.0:rc3:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "6.0-rc3" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:a:drupal:drupal:6.0:rc4:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "6.0-rc4" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:a:drupal:drupal:7.0:rc1:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "7.0-rc1" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:a:drupal:drupal:7.0:rc2:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "7.0-rc2" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:a:drupal:drupal:7.0:rc3:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "7.0-rc3" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:a:drupal:drupal:7.0:rc4:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "7.0-rc4" } ], "source": "CPE_FIELD" } ] }- References
Affected packages
Git / github.com/drupal/drupal
Affected ranges
- Type
- GIT
- Repo
- https://github.com/drupal/drupal
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affected
- Database specific
{ "cpe": [ "cpe:2.3:a:drupal:drupal:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.0:dev:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.1:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.2:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.3:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.4:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.5:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.6:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.7:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.8:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.9:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.10:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.11:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.12:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.13:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.14:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.15:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.16:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.17:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.18:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.19:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.20:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.21:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.22:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.23:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.24:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.25:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.26:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.27:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.28:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.29:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.30:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.31:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.32:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.33:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.34:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.35:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.36:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.37:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.0:alpha1:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.0:alpha2:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.0:alpha3:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.0:alpha4:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.0:alpha5:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.0:alpha6:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.0:alpha7:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.0:dev:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.1:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.2:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.3:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.4:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.5:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.6:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.7:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.8:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.9:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.10:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.11:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.12:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.13:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.14:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.15:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.16:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.17:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.18:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.19:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.20:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.21:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.22:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.23:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.24:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.25:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.26:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.27:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.28:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.29:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.30:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.31:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.32:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.33:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.34:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.35:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.36:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.37:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.38:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.40:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.41:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.42:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.x-dev:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" ], "extracted_events": [ { "introduced": "0" }, { "last_affected": "6.0" }, { "last_affected": "6.0-dev" }, { "last_affected": "6.1" }, { "last_affected": "6.2" }, { "last_affected": "6.3" }, { "last_affected": "6.4" }, { "last_affected": "6.5" }, { "last_affected": "6.6" }, { "last_affected": "6.7" }, { "last_affected": "6.8" }, { "last_affected": "6.9" }, { "last_affected": "6.10" }, { "last_affected": "6.11" }, { "last_affected": "6.12" }, { "last_affected": "6.13" }, { "last_affected": "6.14" }, { "last_affected": "6.15" }, { "last_affected": "6.16" }, { "last_affected": "6.17" }, { "last_affected": "6.18" }, { "last_affected": "6.19" }, { "last_affected": "6.20" }, { "last_affected": "6.21" }, { "last_affected": "6.22" }, { "last_affected": "6.23" }, { "last_affected": "6.24" }, { "last_affected": "6.25" }, { "last_affected": "6.26" }, { "last_affected": "6.27" }, { "last_affected": "6.28" }, { "last_affected": "6.29" }, { "last_affected": "6.30" }, { "last_affected": "6.31" }, { "last_affected": "6.32" }, { "last_affected": "6.33" }, { "last_affected": "6.34" }, { "last_affected": "6.35" }, { "last_affected": "6.36" }, { "last_affected": "6.37" }, { "last_affected": "7.0" }, { "last_affected": "7.0-alpha1" }, { "last_affected": "7.0-alpha2" }, { "last_affected": "7.0-alpha3" }, { "last_affected": "7.0-alpha4" }, { "last_affected": "7.0-alpha5" }, { "last_affected": "7.0-alpha6" }, { "last_affected": "7.0-alpha7" }, { "last_affected": "7.0-beta1" }, { "last_affected": "7.0-beta2" }, { "last_affected": "7.0-beta3" }, { "last_affected": "7.0-dev" }, { "last_affected": "7.1" }, { "last_affected": "7.2" }, { "last_affected": "7.3" }, { "last_affected": "7.4" }, { "last_affected": "7.5" }, { "last_affected": "7.6" }, { "last_affected": "7.7" }, { "last_affected": "7.8" }, { "last_affected": "7.9" }, { "last_affected": "7.10" }, { "last_affected": "7.11" }, { "last_affected": "7.12" }, { "last_affected": "7.13" }, { "last_affected": "7.14" }, { "last_affected": "7.15" }, { "last_affected": "7.16" }, { "last_affected": "7.17" }, { "last_affected": "7.18" }, { "last_affected": "7.19" }, { "last_affected": "7.20" }, { "last_affected": "7.21" }, { "last_affected": "7.22" }, { "last_affected": "7.23" }, { "last_affected": "7.24" }, { "last_affected": "7.25" }, { "last_affected": "7.26" }, { "last_affected": "7.27" }, { "last_affected": "7.28" }, { "last_affected": "7.29" }, { "last_affected": "7.30" }, { "last_affected": "7.31" }, { "last_affected": "7.32" }, { "last_affected": "7.33" }, { "last_affected": "7.34" }, { "last_affected": "7.35" }, { "last_affected": "7.36" }, { "last_affected": "7.37" }, { "last_affected": "7.38" }, { "last_affected": "7.40" }, { "last_affected": "7.41" }, { "last_affected": "7.42" }, { "last_affected": "7.x-dev" }, { "last_affected": "8.0" } ], "source": "CPE_FIELD" }
Affected versions
1.*
1.0
2.*
2.0
3.*
3.0.1
5.*
5.0-beta-1
5.0-beta-2
5.0-rc-1
5.0-rc-2
6.*
6.0
6.0-beta-1
6.0-beta-2
6.0-beta-3
6.0-beta-4
6.0-rc-1
6.0-rc-2
6.0-rc-3
6.0-rc-4
6.1
6.10
6.11
6.12
6.13
6.14
6.15
6.16
6.17
6.18
6.19
6.2
6.20
6.21
6.22
6.23
6.24
6.25
6.26
6.27
6.28
6.29
6.3
6.30
6.31
6.32
6.33
6.34
6.35
6.36
6.37
6.4
6.5
6.6
6.7
6.8
6.9
7.*
7.0
7.0-alpha1
7.0-alpha2
7.0-alpha3
7.0-alpha4
7.0-alpha5
7.0-alpha6
7.0-alpha7
7.0-beta1
7.0-beta2
7.0-beta3
7.0-rc-1
7.0-rc-2
7.0-rc-3
7.0-rc-4
7.0-unstable-1
7.0-unstable-10
7.0-unstable-2
7.0-unstable-3
7.0-unstable-4
7.0-unstable-5
7.0-unstable-6
7.0-unstable-7
7.1
7.10
7.11
7.12
7.13
7.14
7.15
7.16
7.17
7.18
7.19
7.2
7.20
7.21
7.22
7.23
7.24
7.25
7.26
7.27
7.28
7.29
7.3
7.30
7.31
7.32
7.33
7.34
7.35
7.36
7.37
7.38
7.4
7.40
7.41
7.42
7.5
7.6
7.7
7.8
7.9
8.*
8.0-alpha10
8.0-alpha11
8.0-alpha12
8.0-alpha13
8.0-alpha2
8.0-alpha3
8.0-alpha4
8.0-alpha5
8.0-alpha6
8.0-alpha7
8.0-alpha8
8.0-alpha9
8.0.0
8.0.0-alpha14
8.0.0-alpha15
8.0.0-beta1
8.0.0-beta10
8.0.0-beta11
8.0.0-beta12
8.0.0-beta13
8.0.0-beta14
8.0.0-beta15
8.0.0-beta16
8.0.0-beta2
8.0.0-beta3
8.0.0-beta4
8.0.0-beta5
8.0.0-beta6
8.0.0-beta7
8.0.0-beta9
8.0.0-rc1
8.0.0-rc2
8.0.0-rc3
8.0.0-rc4
Other
start