CVE-2011-2726
Severity: HIGH
Drupal 7.0-7.5 - Unauthenticated File Download via Direct URL Access
Title source: llmDescription
An access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site can attach File upload fields to any entity type in the system, or can point individual File upload fields in comments to the private file directory, and access to the parent node is denied, non-privileged users can still download a file attached to a comment if they know or guess its direct URL.
References (6)
- https://security-tracker.debian.org/tracker/CVE-2011-2726 (Third Party Advisory; x_refsource_misc)
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2726 (Issue Tracking, Third Party Advisory; x_refsource_misc)
- https://access.redhat.com/security/cve/cve-2011-2726 (Broken Link; x_refsource_misc)
- http://www.openwall.com/lists/oss-security/2012/03/19/10 (Mailing List, Third Party Advisory; x_refsource_misc)
- http://www.openwall.com/lists/oss-security/2012/03/20/14 (Mailing List, Third Party Advisory; x_refsource_misc)
- https://www.drupal.org/node/1231510 (Vendor Advisory; x_refsource_confirm)
Scores
CVSS v3: 7.5
EPSS: 0.0040
EPSS Percentile: 60.7%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE: CWE-863
Status: published
Products (8)
- debian/debian_linux 8.0
- debian/debian_linux 9.0
- drupal/drupal 7.0 - 7.5
- fedoraproject/fedora 14
- fedoraproject/fedora 15
- fedoraproject/fedora 16
- redhat/enterprise_linux 5.0
- redhat/enterprise_linux 6.0
Published: Nov 15, 2019
Tracked Since: Feb 18, 2026