Description

The image module in Drupal 7.x before 7.14 does not properly check permissions when caching derivative image styles of private images, which allows remote attackers to read private image styles.

Remediation

References

CVE-2012-1591

Related Vulnerabilities

IBM RTC CVE-2017-1191 Vulnerability (CVE-2017-1191)

WordPress Plugin Form Maker by 10Web-Mobile-Friendly Drag & Drop Contact Form Builder Security Bypass (1.7.14)

Zenphoto Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-4907)

Piwigo Improper Access Control Vulnerability (CVE-2016-10085)

CubeCart Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2023-47675)

Severity

Medium

Classification

CVE-2012-1591 CWE-264

Tags

Missing Update Known Vulnerabilities