Description

The image module in Drupal 7.x before 7.14 does not properly check permissions when caching derivative image styles of private images, which allows remote attackers to read private image styles.

Remediation

References

CVE-2012-1591

Related Vulnerabilities

PHP Numeric Errors Vulnerability (CVE-2011-0755)

WordPress Plugin CevherShare 'cevhershare-admin.php' SQL Injection (2.0)

Apache HTTP Server Other Vulnerability (CVE-2000-0913)

MySQL CVE-2022-21356 Vulnerability (CVE-2022-21356)

Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-2714)

Severity

Medium

Classification

CVE-2012-1591 CWE-264

Tags

Missing Update Known Vulnerabilities