Published: 22/07/2014 Updated: 22/07/2014

CVSS v2 Base Score: 4.9 | Impact Score: 4.9 | Exploitability Score: 6.8

VMScore: 436

Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N

The File module in Drupal 7.x prior to 7.29 does not properly check permissions to view files, which allows remote authenticated users with certain permissions to bypass intended restrictions and read files by attaching the file to content with a file field.

Vulnerable Product	Search on Vulmon	Subscribe to Product
drupal drupal 7.0
drupal drupal 7.12
drupal drupal 7.13
drupal drupal 7.14
drupal drupal 7.15
drupal drupal 7.16
drupal drupal 7.3
drupal drupal 7.4
drupal drupal 7.5
drupal drupal 7.6
drupal drupal 7.20
drupal drupal 7.21
drupal drupal 7.22
drupal drupal 7.23
drupal drupal 7.1
drupal drupal 7.11
drupal drupal 7.18
drupal drupal 7.2
drupal drupal 7.24
drupal drupal 7.26
drupal drupal 7.8
drupal drupal 7.x-dev
drupal drupal 7.28
drupal drupal 7.10
drupal drupal 7.17
drupal drupal 7.19
drupal drupal 7.25
drupal drupal 7.27
drupal drupal 7.7
drupal drupal 7.9

Multiple security issues have been discovered in the Drupal content management system, ranging from denial of service to cross-site scripting More information can be found at wwwdrupalorg/SA-CORE-2014-003 For the stable distribution (wheezy), this problem has been fixed in version 714-2+deb7u5 For the testing distribution (jessie), th ...

CWE-264 https://www.drupal.org/SA-CORE-2014-003 http://www.debian.org/security/2014/dsa-2983 https://nvd.nist.gov https://www.debian.org/security/./dsa-2983

CVE-2014-5020

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect