Description
The File module in Drupal 7.x before 7.11, when using unspecified field access modules, allows remote authenticated users to read arbitrary private files that are associated with restricted fields via unspecified vectors.
Remediation
References
Related Vulnerabilities
SharePoint CVE-2020-16979 Vulnerability (CVE-2020-16979)
WordPress Plugin Cartogiraffe Map Cross-Site Scripting (1.0)
Liferay DXP Improper Restriction of XML External Entity Reference Vulnerability (CVE-2024-25606)
Moodle Improper Input Validation Vulnerability (CVE-2012-0795)
WordPress Plugin ReFlex Gallery Arbitrary File Upload (3.1.3)