Description

The File module in Drupal 7.x before 7.11, when using unspecified field access modules, allows remote authenticated users to read arbitrary private files that are associated with restricted fields via unspecified vectors.

Remediation

References

CVE-2012-0827

Related Vulnerabilities

WordPress Plugin Total Security Multiple Unspecified Vulnerabilities (3.4.1)

MySQL CVE-2024-21244 Vulnerability (CVE-2024-21244)

osTicket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-24917)

Piwigo Exposure of Resource to Wrong Sphere Vulnerability (CVE-2022-26267)

WordPress Plugin Contact Form to DB by BestWebSoft-Messages Database For WordPress Cross-Site Scripting (1.4.0)

Severity

Low

Classification

CVE-2012-0827 CWE-264

Tags

Missing Update Known Vulnerabilities