{"id":"CVE-2016-3162","details":"The File module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allows remote authenticated users to bypass access restrictions and read, delete, or substitute a link to a file uploaded to an unprocessed form by leveraging permission to create content or comment and upload files.","aliases":["GHSA-w2pj-c8x5-jvg2"],"modified":"2026-03-12T22:18:48.074130Z","published":"2016-04-12T15:59:00.117Z","references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2016/02/24/19"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2016/03/15/10"},{"type":"ADVISORY","url":"http://www.debian.org/security/2016/dsa-3498"},{"type":"FIX","url":"https://www.drupal.org/SA-CORE-2016-001"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/drupal/drupal","events":[{"introduced":"0"},{"last_affected":"497914920385b7016ac9c9367e0198530787adf2"},{"introduced":"0"},{"last_affected":"c511a4abe771499fe4ff682decad59a3cd1e61d0"},{"introduced":"0"},{"last_affected":"154ffa85f8bf5033c958ba8face74797463a6bde"},{"introduced":"0"},{"last_affected":"d516f6778e57da524e3491710c6e5a5382dc647e"},{"introduced":"0"},{"last_affected":"a4fabec730e7377f6dfe656599145b40f778a77d"},{"introduced":"0"},{"last_affected":"9b9d9296c85e88d6ecb875d7e350e0083a105108"},{"introduced":"0"},{"last_affected":"9bf09eea76bbf071db4016252faca2d20bf1a6c2"},{"introduced":"0"},{"last_affected":"0c6f9b0074a227fe1b2fef3621925ef900039486"},{"introduced":"0"},{"last_affected":"d0b330ef316d761fc02eadeb659f9ff1ab106c3e"},{"introduced":"0"},{"last_affected":"237c0642a799ed3a1895f3144d8017422e2a8f72"},{"introduced":"0"},{"last_affected":"d08387cf6316da3b5158ccc1063acc5399ef3ee2"},{"introduced":"0"},{"last_affected":"497914920385b7016ac9c9367e0198530787adf2"},{"introduced":"0"},{"last_affected":"316bd96ebff36284f5f3e33268760ff9c672b6f8"},{"introduced":"0"},{"last_affected":"49e2d2ca6f6c6489b07b9e863150d20a38148a57"},{"introduced":"0"},{"last_affected":"ebf9026bb8411de4866824f45ab825ecb41a5f47"},{"introduced":"0"},{"last_affected":"d8cfe088697631a9789895b4128b12ab79c07207"},{"introduced":"0"},{"last_affected":"eabb023933ac83947e5d238c4a83b1f5bdbcc738"},{"introduced":"0"},{"last_affected":"1f124bf1accbad60b31a463ff59232d2f5626100"},{"introduced":"0"},{"last_affected":"ca9434462a4af269f24b0b616939938a3a4c112f"},{"introduced":"0"},{"last_affected":"6b54665a5921d26d00559644754047420776da4a"},{"introduced":"0"},{"last_affected":"09bfa80c0c6ffabf7e02e706dbfd2f514619bbc4"},{"introduced":"0"},{"last_affected":"a07564a2968a464d3f800da0c2e75045caa367ea"},{"introduced":"0"},{"last_affected":"40093b2fa7dde4a5f3c6806aad91b9302c232903"},{"introduced":"0"},{"last_affected":"4d4080b17681ae674e10c077b72d00f0b1544e0c"},{"introduced":"0"},{"last_affected":"9879d29f731570a34b24c4eae4cc8cb30c7a5082"},{"introduced":"0"},{"last_affected":"30d1e719aa5e9a9ad66514078ca3b0975ddadc9c"},{"introduced":"0"},{"last_affected":"a584af62514ba7ec37b82b0c7b17081fcca4c5e0"},{"introduced":"0"},{"last_affected":"b9127101ffeca819e74a03fa9f5a48d026c562e5"},{"introduced":"0"},{"last_affected":"c5d6e6334fb7a71ecf1dbc7e06a7de8ad9547b27"},{"introduced":"0"},{"last_affected":"b47f95d3013619e33cafdf8b769b2b6179a07956"},{"introduced":"0"},{"last_affected":"1d4604da252f0e6e19339957ec214388f61b908d"},{"introduced":"0"},{"last_affected":"3a24da1b40f5e05876ad7775044500b61eb2ed94"},{"introduced":"0"},{"last_affected":"ec59e1197a2aa37557f9a87f13ba4d90e6aabf4c"},{"introduced":"0"},{"last_affected":"dce3c77a61d9510dbac6927b60a03bc8da19e947"},{"introduced":"0"},{"last_affected":"bf704d6ffe55d66a440a55a9d43e8846d46d2440"},{"introduced":"0"},{"last_affected":"782d1155c62c0a879bf587c7e40c3a13bcf6879c"},{"introduced":"0"},{"last_affected":"effed1c831c997be26e12f18be0d8eb683f21a75"},{"introduced":"0"},{"last_affected":"dc791ec5839b52c7616bf66993122aa9a1336384"},{"introduced":"0"},{"last_affected":"6642fbc7001c728e218170fd286e6b8a24eef24f"},{"introduced":"0"},{"last_affected":"1769d1cca92e206510528c324552797e83a1fc7c"},{"introduced":"0"},{"last_affected":"83b80acad8431fcd56e9a331ba06c41edee48c91"},{"introduced":"0"},{"last_affected":"f9784cf829fe2d6aad57b6de1f2e3a167e95cea6"},{"introduced":"0"},{"last_affected":"90e884ad0f7f2cf269d953f7d70966de9fd821ff"},{"introduced":"0"},{"last_affected":"131a6f5129b18f3913ba5882111797f8588c5aaf"},{"introduced":"0"},{"last_affected":"4ba5f184c69306da0e30260890f01ea0694af274"},{"introduced":"0"},{"last_affected":"81586d9e9d04dcee487c50de426c04221899b6d0"},{"introduced":"0"},{"last_affected":"b44056d2f8e8c71d35c85ec5c2fb8f7c8a02d8a8"},{"introduced":"0"},{"last_affected":"b42286571f4a22324f321af025768107caa99c30"},{"introduced":"0"},{"last_affected":"18c5da5028b7c3ba985e598bb8df45613285d437"},{"introduced":"0"},{"last_affected":"5cb79b4b217e9aa315d61284398cce132c28bea4"},{"introduced":"0"},{"last_affected":"9d16792580c241b42e6192b480f65cf0bdd07bc9"},{"introduced":"0"},{"last_affected":"9f72251c9291b5613acb9ca4ea7a51b4739e3f93"},{"introduced":"0"},{"last_affected":"497914920385b7016ac9c9367e0198530787adf2"},{"introduced":"0"},{"last_affected":"35c2f3ca5c935f3d8bde15932a712677c9bbd50f"},{"introduced":"0"},{"last_affected":"2d64433829033660b87a1a1d054b3899a18addba"},{"introduced":"0"},{"last_affected":"647bfab79e6ee1fddb339c50152315e479d4fe8f"},{"introduced":"0"},{"last_affected":"3f7404935955cd2a63023e77a07c4231ad5ff62a"},{"introduced":"0"},{"last_affected":"497914920385b7016ac9c9367e0198530787adf2"},{"introduced":"0"},{"last_affected":"35c2f3ca5c935f3d8bde15932a712677c9bbd50f"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"7.0"},{"introduced":"0"},{"last_affected":"7.0-alpha1"},{"introduced":"0"},{"last_affected":"7.0-alpha2"},{"introduced":"0"},{"last_affected":"7.0-alpha3"},{"introduced":"0"},{"last_affected":"7.0-alpha4"},{"introduced":"0"},{"last_affected":"7.0-alpha5"},{"introduced":"0"},{"last_affected":"7.0-alpha6"},{"introduced":"0"},{"last_affected":"7.0-alpha7"},{"introduced":"0"},{"last_affected":"7.0-beta1"},{"introduced":"0"},{"last_affected":"7.0-beta2"},{"introduced":"0"},{"last_affected":"7.0-beta3"},{"introduced":"0"},{"last_affected":"7.0-dev"},{"introduced":"0"},{"last_affected":"7.1"},{"introduced":"0"},{"last_affected":"7.2"},{"introduced":"0"},{"last_affected":"7.3"},{"introduced":"0"},{"last_affected":"7.4"},{"introduced":"0"},{"last_affected":"7.5"},{"introduced":"0"},{"last_affected":"7.6"},{"introduced":"0"},{"last_affected":"7.7"},{"introduced":"0"},{"last_affected":"7.8"},{"introduced":"0"},{"last_affected":"7.9"},{"introduced":"0"},{"last_affected":"7.10"},{"introduced":"0"},{"last_affected":"7.11"},{"introduced":"0"},{"last_affected":"7.12"},{"introduced":"0"},{"last_affected":"7.13"},{"introduced":"0"},{"last_affected":"7.14"},{"introduced":"0"},{"last_affected":"7.15"},{"introduced":"0"},{"last_affected":"7.16"},{"introduced":"0"},{"last_affected":"7.17"},{"introduced":"0"},{"last_affected":"7.18"},{"introduced":"0"},{"last_affected":"7.19"},{"introduced":"0"},{"last_affected":"7.20"},{"introduced":"0"},{"last_affected":"7.21"},{"introduced":"0"},{"last_affected":"7.22"},{"introduced":"0"},{"last_affected":"7.23"},{"introduced":"0"},{"last_affected":"7.24"},{"introduced":"0"},{"last_affected":"7.25"},{"introduced":"0"},{"last_affected":"7.26"},{"introduced":"0"},{"last_affected":"7.27"},{"introduced":"0"},{"last_affected":"7.28"},{"introduced":"0"},{"last_affected":"7.29"},{"introduced":"0"},{"last_affected":"7.30"},{"introduced":"0"},{"last_affected":"7.31"},{"introduced":"0"},{"last_affected":"7.32"},{"introduced":"0"},{"last_affected":"7.33"},{"introduced":"0"},{"last_affected":"7.34"},{"introduced":"0"},{"last_affected":"7.35"},{"introduced":"0"},{"last_affected":"7.36"},{"introduced":"0"},{"last_affected":"7.37"},{"introduced":"0"},{"last_affected":"7.38"},{"introduced":"0"},{"last_affected":"7.40"},{"introduced":"0"},{"last_affected":"7.41"},{"introduced":"0"},{"last_affected":"7.x-dev"},{"introduced":"0"},{"last_affected":"8.0.0"},{"introduced":"0"},{"last_affected":"8.0.1"},{"introduced":"0"},{"last_affected":"8.0.2"},{"introduced":"0"},{"last_affected":"8.0.3"},{"introduced":"0"},{"last_affected":"7.0"},{"introduced":"0"},{"last_affected":"8.0"}]}}],"versions":["1.0","2.0","3.0.1","5.0-beta-1","5.0-beta-2","5.0-rc-1","5.0-rc-2","6.0-beta-1","6.0-beta-2","6.0-beta-3","6.0-beta-4","6.0-rc-1","6.0-rc-2","6.0-rc-3","7.0","7.0-alpha1","7.0-alpha2","7.0-alpha3","7.0-alpha4","7.0-alpha5","7.0-alpha6","7.0-alpha7","7.0-beta1","7.0-beta2","7.0-beta3","7.0-rc-1","7.0-rc-2","7.0-rc-3","7.0-rc-4","7.0-unstable-1","7.0-unstable-10","7.0-unstable-2","7.0-unstable-3","7.0-unstable-4","7.0-unstable-5","7.0-unstable-6","7.0-unstable-7","start"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-3162.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"7.0-rc1"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0-rc2"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0-rc3"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0-rc4"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}]}