Description
The core upload module in Drupal 5.x before 5.11 allows remote authenticated users to bypass intended access restrictions and read "files attached to content" via unknown vectors.
Remediation
References
Related Vulnerabilities
WordPress Plugin Kama WP Smiles Unspecified Vulnerability (1.8.1)
WordPress Plugin WP Email Users SQL Injection (1.4.3)
WordPress Plugin Uploadify Remote File Upload (1.0)
WordPress Plugin WP Statistics Multiple Cross-Site Scripting Vulnerabilities (2.2.4)
WordPress Possible Security Bypass Vulnerability (0.70 - 4.7.4)