Description
The Image module in Drupal 7.x before 7.19, when a private file system is used, does not properly restrict access to derivative images, which allows remote attackers to read derivative images of otherwise restricted images via unspecified vectors.
Remediation
References
Related Vulnerabilities
Lodash Other Vulnerability (CVE-2020-28500)
Oracle Database Server CVE-2009-1964 Vulnerability (CVE-2009-1964)
WordPress Plugin Permalink Manager Lite Unspecified Vulnerability (2.2.13.1)
WordPress Plugin WordPress+Microsoft Office 365/Azure AD-LOGIN Unspecified Vulnerability (11.6)
WordPress Plugin EZP Coming Soon Page Cross-Site Scripting (1.0.0)