Description
The core upload module in Drupal 5.x before 5.11 allows remote authenticated users to bypass intended access restrictions and read "files attached to content" via unknown vectors.
Remediation
References
Related Vulnerabilities
WordPress Plugin Traffic Analyzer SQL Injection (3.4.2)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-4279)
MySQL CVE-2012-3150 Vulnerability (CVE-2012-3150)
OpenSSL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2107)
CakePHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3712)