5 matches found
EUVD-2011-2704
Malware in sbrugna...
Information Disclosure
drupal/core is vulnerable to information disclosure. The vulnerability exists due to a lack of input validation in the ImageStyleDownloadController.php as it only restricts access to non-public files if stored in the private file directory, allowing an attacker to gain access to additional files ...
Design/Logic Flaw
An access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site has the ability to attach File upload fields to any entity type in the system or has the ability to point individual File upload fields to the private file directory in comments, and the parent node is denied...
CVE-2011-2726
Removed by vendor...
SA-CORE-2011-003 - Drupal core - Access bypass
CVE: CVE-2011-2726 Access bypass in private file fields on comments. Drupal 7 contains two new features: the ability to attach File upload fields to any entity type in the system and the ability to point individual File upload fields to the private file directory. If a Drupal site is using these...