Description
The core upload module in Drupal 5.x before 5.11 allows remote authenticated users to bypass intended access restrictions and read "files attached to content" via unknown vectors.
Remediation
References
Related Vulnerabilities
Oracle Database Server CVE-2022-21247 Vulnerability (CVE-2022-21247)
YetiForce CRM Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2021-4092)
WordPress Plugin Availability Calendar SQL Injection (1.2)
PostgreSQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2007-2138)
Apache HTTP Server CVE-2013-1862 Vulnerability (CVE-2013-1862)