Design/Logic Flaw

2009-10-2617:30:00

PRIOn knowledge base

www.prio-n.com

7.2 High

AI Score

Confidence

Low

0.013 Low

EPSS

Percentile

86.1%

JSON

The filefield_file_download function in FileField 6.x-3.1, a module for Drupal, does not properly check node-access permissions for Drupal core private files, which allows remote attackers to access unauthorized files via unspecified vectors.

CPENameOperatorVersion
filefieldeq6.120.31

CPE	Name	Operator	Version
	filefield	eq	6.120.31

References

secunia.com/advisories/37130

www.securityfocus.com/bid/36792

drupal.org/files/issues/filefield-node-access-fix-516104-3.patch

drupal.org/node/516104

drupal.org/node/609874

drupal.org/node/611128

exchange.xforce.ibmcloud.com/vulnerabilities/53897