Description

The image module in Drupal 7.x before 7.14 does not properly check permissions when caching derivative image styles of private images, which allows remote attackers to read private image styles.

Remediation

References

CVE-2012-1591

Related Vulnerabilities

MyBB Server-Side Request Forgery (SSRF) Vulnerability (CVE-2017-7566)

Joomla Other Vulnerability (CVE-2006-1029)

MySQL CVE-2020-14547 Vulnerability (CVE-2020-14547)

WordPress Plugin Easy Forms for MailChimp Unspecified Vulnerability (6.3.11)

WordPress Plugin WP Statistics Multiple Cross-Site Scripting Vulnerabilities (12.0.1)

Severity

Medium

Classification

CVE-2012-1591 CWE-264

Tags

Missing Update Known Vulnerabilities