Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-1591)

Description

The image module in Drupal 7.x before 7.14 does not properly check permissions when caching derivative image styles of private images, which allows remote attackers to read private image styles.

Remediation

References

CVE-2012-1591

Related Vulnerabilities

WordPress Plugin WP Comment Remix SQL Injection and HTML Injection Vulnerabilities (1.4.3)

WordPress Plugin MasterStudy LMS-for Online Courses and Education Privilege Escalation (3.3.1)

PHP Other Vulnerability (CVE-2007-4659)

WordPress Plugin Flip Slideshow Cross-Site Scripting (2.2)

WordPress Plugin Responsive Media Gallery for WordPress-Everest Gallery Lite includes Backdoor [Only if downloaded via the vendor website] (1.0.8)

Severity

Medium

Classification

CVE-2012-1591 CWE-264