Description

The Image module in Drupal 7.x before 7.19, when a private file system is used, does not properly restrict access to derivative images, which allows remote attackers to read derivative images of otherwise restricted images via unspecified vectors.

Remediation

References

CVE-2013-0246

Related Vulnerabilities

WordPress Plugin Theme Blvd Layout Builder Multiple Security Bypass Vulnerabilities (2.0.1)

WordPress Plugin Spam protection, AntiSpam, FireWall by CleanTalk Cross-Site Scripting (5.113)

Oracle Database Server CVE-2009-1968 Vulnerability (CVE-2009-1968)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2007-4033)

Joomla Improper Input Validation Vulnerability (CVE-2020-11890)

Severity

Medium

Classification

CVE-2013-0246 CWE-264

Tags

Missing Update Known Vulnerabilities