Description

The File module in Drupal 7.x before 7.11, when using unspecified field access modules, allows remote authenticated users to read arbitrary private files that are associated with restricted fields via unspecified vectors.

Remediation

References

CVE-2012-0827

Related Vulnerabilities

WordPress Plugin Simple Contact Info Arbitrary File Deletion (1.1.9)

WordPress Plugin LearnPress-WordPress LMS Cross-Site Scripting (4.1.3.1)

WordPress 4.4.x Cross-Site Scripting Vulnerability (4.4 - 4.4.2)

WordPress Plugin iThemes Security (formerly Better WP Security) Cross-Site Scripting (4.6.12)

GlassFish CVE-2017-10385 Vulnerability (CVE-2017-10385)

Severity

Low

Classification

CVE-2012-0827 CWE-264

Tags

Missing Update Known Vulnerabilities