Description

The File module in Drupal 7.x before 7.11, when using unspecified field access modules, allows remote authenticated users to read arbitrary private files that are associated with restricted fields via unspecified vectors.

Remediation

References

CVE-2012-0827

Related Vulnerabilities

WordPress Plugin MDC YouTube Downloader Local File Inclusion (2.1.0)

WordPress Plugin NextMove Lite-Thank You Page for WooCommerce Security Bypass (2.17.0)

Oracle Application Server Other Vulnerability (CVE-2004-1369)

WordPress Plugin BSK PDF Manager SQL Injection (3.1.1)

XOOPS Other Vulnerability (CVE-2007-0377)

Severity

Low

Classification

CVE-2012-0827 CWE-264

Tags

Missing Update Known Vulnerabilities