Description

Drupal 6.x before 6.27 allows remote attackers to obtain sensitive information about uploaded files via a (1) RSS feed or (2) search result.

Remediation

References

CVE-2012-5652

Related Vulnerabilities

WordPress Plugin WP Private Content Plus Security Bypass (1.31)

WordPress Plugin GS Logo Slider-Ticker, Grid, List, Table & Filter Views Cross-Site Scripting (3.3.7)

Apache HTTP Server Improper Handling of Case Sensitivity Vulnerability (CVE-2001-0766)

Ruby on Rails Inefficient Regular Expression Complexity Vulnerability (CVE-2023-22795)

WordPress Plugin 123devis-affiliation Cross-Site Scripting (1.0.4)

Severity

Medium

Classification

CVE-2012-5652 CWE-200

Tags

Missing Update Known Vulnerabilities