CVE-2009-3781
The issue concerns the Drupal FileField 6.x-3.1 module, where the function filefield_file_download does not correctly enforce node-access permissions for Drupal core private files. This permits remote attackers to access unauthorized files via unspecified vectors. Root cause: missing access check...