Drupal Permissions Privileges and Access Controls Vulnerability - CVE-2013-0246 - Vulnerability Database

Drupal Permissions Privileges and Access Controls Vulnerability - CVE-2013-0246

Medium

Reference: CVE-2013-0246

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2013-0246

Title: Drupal Permissions Privileges and Access Controls Vulnerability

Overview:

The Image module in Drupal 7.x before 7.19 when a private file system is used does not properly restrict access to derivative images which allows remote attackers to read derivative images of otherwise restricted images via unspecified vectors.