Description

The File module in Drupal 7.x before 7.11, when using unspecified field access modules, allows remote authenticated users to read arbitrary private files that are associated with restricted fields via unspecified vectors.

Remediation

References

CVE-2012-0827

Related Vulnerabilities

WordPress Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2007-1897)

WordPress Plugin Social Sharing-Sassy Social Share Cross-Site Scripting (3.3.39)

WordPress Plugin SoundPress Cross-Site Scripting (2.2.6)

WordPress Plugin WooCommerce PHP Object Injection (3.2.3)

ATutor Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-2555)

Severity

Low

Classification

CVE-2012-0827 CWE-264

Tags

Missing Update Known Vulnerabilities