Description

The Image module in Drupal 7.x before 7.19, when a private file system is used, does not properly restrict access to derivative images, which allows remote attackers to read derivative images of otherwise restricted images via unspecified vectors.

Remediation

References

CVE-2013-0246

Related Vulnerabilities

MySQL CVE-2017-10384 Vulnerability (CVE-2017-10384)

MODX Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-6588)

Dotclear Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-7903)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-34911)

WordPress Plugin Easy2Map Photos Multiple Vulnerabilities (1.0.9)

Severity

Medium

Classification

CVE-2013-0246 CWE-264

Tags

Missing Update Known Vulnerabilities