Description
The Image module in Drupal 7.x before 7.19, when a private file system is used, does not properly restrict access to derivative images, which allows remote attackers to read derivative images of otherwise restricted images via unspecified vectors.
Remediation
References
Related Vulnerabilities
WordPress Plugin Frontier Post Security Bypass (1.3.2)
Roundcube Cross-site Scripting (XSS) Vulnerability (CVE-2015-8105)
OpenSSL Other Vulnerability (CVE-2016-0797)
Oracle Database Server CVE-2010-2419 Vulnerability (CVE-2010-2419)
WordPress Plugin SEO Redirection-301 Redirect Manager Unspecified Vulnerability (8.7)