CVE-2016-3187

EUVD-2016-4228
The Prepopulate module 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to modify the REQUEST superglobal array, and consequently have unspecified impact, via a base64-encoded pp parameter.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.3 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 66%
Affected Products (NVD)
VendorProductVersion
prepopulate_projectprepopulate
7.x-2.0:x
prepopulate_projectprepopulate
7.x-2.x:x
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://cgit.drupalcode.org/prepopulate/commit/prepopulate.module?id=16cdb63cc3b256dd785e029ec17f92ddf80cc443
https://www.drupal.org/node/2679215
https://www.drupal.org/node/2679503
http://cgit.drupalcode.org/prepopulate/commit/prepopulate.module?id=16cdb63cc3b256dd785e029ec17f92ddf80cc443
https://www.drupal.org/node/2679215
https://www.drupal.org/node/2679503