CVE-2009-3207

2009-09-1617:00:00

mitre

www.cve.org

AI Score

6.8

Confidence

Low

EPSS

0.026

Percentile

90.4%

JSON

The ImageCache module 5.x before 5.x-2.5 and 6.x before 6.x-2.0-beta10, a module for Drupal, when the private file system is used, does not properly perform access control for derivative images, which allows remote attackers to view arbitrary images via a request that specifies an image’s filename.

References

drupal.org/node/505904

drupal.org/node/554084

drupal.org/node/554086

drupal.org/node/554090

secunia.com/advisories/36412

exchange.xforce.ibmcloud.com/vulnerabilities/52595