Description
The File module in Drupal 7.x before 7.11, when using unspecified field access modules, allows remote authenticated users to read arbitrary private files that are associated with restricted fields via unspecified vectors.
Remediation
References
Related Vulnerabilities
WordPress URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-4048)
WordPress Plugin Download Plugins and Themes from Dashboard Cross-Site Scripting (1.5.0)
Oracle JRE CVE-2013-2383 Vulnerability (CVE-2013-2383)
Apache Tomcat 7PK - Security Features Vulnerability (CVE-2002-0493)