CVE-2009-3781 Information

Description

The filefield_file_download function in FileField 6.x-3.1 a module for Drupal does not properly check node-access permissions for Drupal core private files which allows remote attackers to access unauthorized files via unspecified vectors.

Reference

http://drupal.org/files/issues/filefield-node-access-fix-516104-3.patch http://drupal.org/node/516104 http://drupal.org/node/609874 http://drupal.org/node/611128 http://secunia.com/advisories/37130 http://www.securityfocus.com/bid/36792 https://exchange.xforce.ibmcloud.com/vulnerabilities/53897