The image module in Drupal 7.x prior to 7.14 does not properly check permissions when caching derivative image styles of private images, which allows remote malicious users to read private image styles.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
drupal drupal 7.0 |
||
drupal drupal 7.1 |
||
drupal drupal 7.3 |
||
drupal drupal 7.8 |
||
drupal drupal 7.11 |
||
drupal drupal 7.4 |
||
drupal drupal 7.7 |
||
drupal drupal 7.12 |
||
drupal drupal 7.5 |
||
drupal drupal 7.10 |
||
drupal drupal 7.13 |
||
drupal drupal 7.x-dev |
||
drupal drupal 7.2 |
||
drupal drupal 7.6 |
||
drupal drupal 7.9 |