Description

The Image module in Drupal 7.x before 7.19, when a private file system is used, does not properly restrict access to derivative images, which allows remote attackers to read derivative images of otherwise restricted images via unspecified vectors.

Remediation

References

CVE-2013-0246

Related Vulnerabilities

WordPress Plugin Email Log Information Disclosure (1.9)

WordPress Plugin Ultimate Membership Pro Cross-Site Request Forgery (8.6.2)

MediaWiki Improper Authentication Vulnerability (CVE-2021-36128)

MySQL CVE-2024-21213 Vulnerability (CVE-2024-21213)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-2152)

Severity

Medium

Classification

CVE-2013-0246 CWE-264

Tags

Missing Update Known Vulnerabilities