Description

The Image module in Drupal 7.x before 7.19, when a private file system is used, does not properly restrict access to derivative images, which allows remote attackers to read derivative images of otherwise restricted images via unspecified vectors.

Remediation

References

CVE-2013-0246

Related Vulnerabilities

PHP Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2014-5459)

MySQL CVE-2018-2773 Vulnerability (CVE-2018-2773)

OpenSSL Key Management Errors Vulnerability (CVE-2018-0732)

WordPress Plugin Grapefile File Sharing 'grapeupload.php' Arbitrary File Upload (1.1)

WordPress Plugin Bulk Page Creator Cross-Site Scripting (1.0.9)

Severity

Medium

Classification

CVE-2013-0246 CWE-264

Tags

Missing Update Known Vulnerabilities