Description
The Image module in Drupal 7.x before 7.19, when a private file system is used, does not properly restrict access to derivative images, which allows remote attackers to read derivative images of otherwise restricted images via unspecified vectors.
Remediation
References
Related Vulnerabilities
PHP Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2014-5459)
MySQL CVE-2018-2773 Vulnerability (CVE-2018-2773)
OpenSSL Key Management Errors Vulnerability (CVE-2018-0732)
WordPress Plugin Grapefile File Sharing 'grapeupload.php' Arbitrary File Upload (1.1)
WordPress Plugin Bulk Page Creator Cross-Site Scripting (1.0.9)