CVE-2009-3207 Information

Description

The ImageCache module 5.x before 5.x-2.5 and 6.x before 6.x-2.0-beta10 a module for Drupal when the private file system is used does not properly perform access control for derivative images which allows remote attackers to view arbitrary images via a request that specifies an image’s filename.

Reference

http://drupal.org/node/505904 http://drupal.org/node/554084 http://drupal.org/node/554086 http://drupal.org/node/554090 http://secunia.com/advisories/36412 https://exchange.xforce.ibmcloud.com/vulnerabilities/52595