Description
The Image module in Drupal 7.x before 7.19, when a private file system is used, does not properly restrict access to derivative images, which allows remote attackers to read derivative images of otherwise restricted images via unspecified vectors.
Remediation
References
Related Vulnerabilities
MySQL CVE-2016-5633 Vulnerability (CVE-2016-5633)
WordPress Plugin Swiss Toolkit For WP Security Bypass (1.0.7)
WordPress Plugin User Role Editor Cross-Site Request Forgery (3.12)
MediaWiki CVE-2023-45370 Vulnerability (CVE-2023-45370)
Joomla! Core 3.x.x Multiple Cross-Site Request Forgery Vulnerabilities (3.0.0 - 3.9.14)