Description
The Image module in Drupal 7.x before 7.19, when a private file system is used, does not properly restrict access to derivative images, which allows remote attackers to read derivative images of otherwise restricted images via unspecified vectors.
Remediation
References
Related Vulnerabilities
WordPress Plugin PowerPress Podcasting by Blubrry Cross-Site Scripting (6.0)
WordPress Plugin Product Slider for WooCommerce Cross-Site Scripting (2.6.3)
Oracle Application Server Other Vulnerability (CVE-2007-3859)
Magento Improper Input Validation Vulnerability (CVE-2021-28585)
Moodle Improper Input Validation Vulnerability (CVE-2012-0795)