2 matches found
CVE-2014-9156
The vulnerability CVE-2014-9156 affects the Drupal FileField module (6.x-3.x) prior to 6.x-3.13. The root cause is a failing permission check to view files when attaching an uploaded file, enabling remote authenticated users with permission to create or edit content to read private files. Affecte...
SA-CONTRIB-2014-071 - FileField - Access bypass
The FileField module enables you to define and use fields that contain files. The module doesn't sufficiently check permission to view the attached file when attaching a file that was previously uploaded. This could allow attackers to gain access to private files. This vulnerability is mitigated ...