CVE-2009-3207
CVE-2009-3207 affects Drupal’s ImageCache module (5.x before 5.x-2.5 and 6.x before 6.x-2.0-beta10). The root cause is improper access control for derivative images when the private file system is used, allowing remote attackers to view arbitrary images by crafting a request that specifies an ima...