CVE-2012-1591 Information
Share on:
Feb 14, 2021
cve
Description
The image module in Drupal 7.x before 7.14 does not properly check permissions when caching derivative image styles of private images which allows remote attackers to read private image styles.
Reference
http://drupal.org/drupal-7.14 http://drupal.org/node/1507988 http://drupal.org/node/1557938 http://drupalcode.org/project/drupal.git/commit/3bf6761ff7537dc68e22ea73f155134f3cfd41a8 http://secunia.com/advisories/49012 http://www.mandriva.com/security/advisories?name=MDVSA-2013:074 http://www.securityfocus.com/bid/53359