CVE-2012-0827

Drupal 7.x < 7.11 - Authenticated Arbitrary Private File Read via File Module

Title source: llm
STIX 2.1

Description

The File module in Drupal 7.x before 7.11, when using unspecified field access modules, allows remote authenticated users to read arbitrary private files that are associated with restricted fields via unspecified vectors.

References (1)

Core 1
Core References
Patch, Vendor Advisory x_refsource_confirm
https://drupal.org/node/1425084

Scores

EPSS 0.0016
EPSS Percentile 37.0%

Details

CWE
CWE-264
Status published
Products (12)
drupal/drupal 7.0 (16 CPE variants)
drupal/drupal 7.1
drupal/drupal 7.2
drupal/drupal 7.3
drupal/drupal 7.4
drupal/drupal 7.5
drupal/drupal 7.6
drupal/drupal 7.7
drupal/drupal 7.8
drupal/drupal 7.9
... and 2 more
Published Oct 28, 2013
Tracked Since Feb 18, 2026