Description
The File module in Drupal 7.x before 7.11, when using unspecified field access modules, allows remote authenticated users to read arbitrary private files that are associated with restricted fields via unspecified vectors.
Remediation
References
Related Vulnerabilities
WordPress Plugin Simple Contact Info Arbitrary File Deletion (1.1.9)
WordPress Plugin LearnPress-WordPress LMS Cross-Site Scripting (4.1.3.1)
WordPress 4.4.x Cross-Site Scripting Vulnerability (4.4 - 4.4.2)
WordPress Plugin iThemes Security (formerly Better WP Security) Cross-Site Scripting (4.6.12)