vulnerability
Drupal: CVE-2016-3168 : Reflected file download vulnerability - SA-CORE-2016-001
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:M/Au:S/C:C/I:C/A:C) | Apr 12, 2016 | Aug 2, 2017 | Apr 14, 2025 |
Severity
9
CVSS
(AV:N/AC:M/Au:S/C:C/I:C/A:C)
Published
Apr 12, 2016
Added
Aug 2, 2017
Modified
Apr 14, 2025
Description
The System module in Drupal 6.x before 6.38 and 7.x before 7.43 might allow remote attackers to hijack the authentication of site administrators for requests that download and run files with arbitrary JSON-encoded content, aka a "reflected file download vulnerability."
Solutions
drupal-cve-2016-3168-1drupal-cve-2016-3168-2
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.