Description
The Image module in Drupal 7.x before 7.19, when a private file system is used, does not properly restrict access to derivative images, which allows remote attackers to read derivative images of otherwise restricted images via unspecified vectors.
Remediation
References