High severity8.8NVD Advisory· Published Sep 9, 2016· Updated May 6, 2026
CVE-2016-6211
CVE-2016-6211
Description
The User module in Drupal 7.x before 7.44 allows remote authenticated users to gain privileges via vectors involving contributed or custom code that triggers a rebuild of the user profile form.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
drupal/corePackagist | >= 7.0, < 7.44 | 7.44 |
drupal/drupalPackagist | >= 7.0, < 7.44 | 7.44 |
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- www.debian.org/security/2016/dsa-3604nvdThird Party AdvisoryWEB
- www.openwall.com/lists/oss-security/2016/07/13/4nvdMailing ListThird Party AdvisoryWEB
- www.openwall.com/lists/oss-security/2016/07/13/7nvdMailing ListThird Party AdvisoryWEB
- github.com/advisories/GHSA-frqf-9qr4-6vxfghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2016-6211ghsaADVISORY
- www.drupal.org/SA-CORE-2016-002nvdVendor AdvisoryWEB
- www.securityfocus.com/bid/91230nvdWEB
- github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-6211.yamlghsaWEB
- github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-6211.yamlghsaWEB
News mentions
0No linked articles in our index yet.