2 matches found
CVE-2011-2726
Summary (CVE-2011-2726) : Drupal 7.x before 7.5 is affected by an access-bypass vulnerability related to file attachments in comments. If a site enables File upload fields on any entity or points fields to the private file directory, non-privileged users can download a file attached to a comment ...
SA-CORE-2011-003 - Drupal core - Access bypass
CVE: CVE-2011-2726 Access bypass in private file fields on comments. Drupal 7 contains two new features: the ability to attach File upload fields to any entity type in the system and the ability to point individual File upload fields to the private file directory. If a Drupal site is using these...