Description
The System module in Drupal 6.x before 6.38 and 7.x before 7.43 might allow remote attackers to hijack the authentication of site administrators for requests that download and run files with arbitrary JSON-encoded content, aka a "reflected file download vulnerability."
Remediation
References