CVE-2016-7572

The system.temporary route in Drupal 8.x before 8.1.10 does not properly check for "Export configuration" permission, which allows remote authenticated users to bypass intended access restrictions and read a full config export via unspecified vectors.

We have discovered 134,572 live websites that are affected by CVE-2016-7572.

Test my site



Affected Software

Product  Drupal
Category Content Management System
Vulnerable Domains134,572 live websites (53.57% of Drupal install base)
Vulnerable Versions
  • from 0 before 8.1.10
Vulnerable Versions Count30 versions ( 9.84% of all versions)



Details

  • Published - Oct 4, 2016
  • Updated - Aug 6, 2024

CVE-2016-7572 usage by Country

United States42,201 websites


Germany13,939 websites
Russia11,930 websites
France10,386 websites
GB4,247 websites
Belgium3,940 websites
Netherlands3,689 websites
Italy3,384 websites
Spain2,839 websites
Hungary2,503 websites

CVE-2016-7572 usage by TLD

.com37,022 websites
.org11,560 websites
.ru9,889 websites
.de7,225 websites
.fr4,923 websites
.be4,360 websites
.edu4,035 websites
.net3,302 websites
.it2,933 websites
.nl2,762 websites

Vulnerable Versions

Vulnerable versions are highlighted in red

Websites affected by CVE-2016-7572

Top websites that are affected by CVE-2016-7572. Please click on the "Contact us" link to get more information.
DomainCountryRankContacts
******.org United States***
***.org United States*,***
********.gov United States*,***
******.gov United States*,***
***.**.gov United States*,***
******.edu United States*,***
***.gov United States*,***
****.org United States*,***
***.com United States*,***
*******.com Netherlands*,***
See full domain list

FAQ

A total of 134,572 websites have been identified as vulnerable to CVE-2016-7572, discovered through global website indexing conducted by WebTechSurvey.
Drupal is susceptible to CVE-2016-7572 vulnerability.
Drupal versions before 8.1.10 are vulnerable to CVE-2016-7572.
Version 8.1.10 of Drupal addresses the CVE-2016-7572 security vulnerability.