Description
The File module in Drupal 7.x before 7.11, when using unspecified field access modules, allows remote authenticated users to read arbitrary private files that are associated with restricted fields via unspecified vectors.
Remediation
References
Related Vulnerabilities
Oracle JRE CVE-2014-0452 Vulnerability (CVE-2014-0452)
WordPress Plugin iThemes Security (formerly Better WP Security) Security Bypass (5.3.5)
PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4718)
WordPress Plugin Events Registration with PayPal IPN Multiple SQL Injection Vulnerabilities (2.1.2)