Description

Drupal 6.x before 6.27 allows remote attackers to obtain sensitive information about uploaded files via a (1) RSS feed or (2) search result.

Remediation

References

CVE-2012-5652

Related Vulnerabilities

PostgreSQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-32028)

WordPress Plugin Print My Blog-Print, PDF, & eBook Converter Server-Side Request Forgery (1.6.5)

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-28978)

WordPress Plugin TablePress CSV Injection (1.9.2)

WordPress 5.0.x Multiple Vulnerabilities (5.0 - 5.0.7)

Severity

Medium

Classification

CVE-2012-5652 CWE-200

Tags

Missing Update Known Vulnerabilities