Code injection

2012-10-0100:55:00

PRIOn knowledge base

www.prio-n.com

7 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

79.0%

JSON

The image module in Drupal 7.x before 7.14 does not properly check permissions when caching derivative image styles of private images, which allows remote attackers to read private image styles.

CPENameOperatorVersion
drupaleq7.0 alpha5
drupaleq7.0 dev
drupaleq7.0 alpha7
drupaleq7.0 rc2
drupaleq7.0 rc4
drupaleq7.0 beta2
drupaleq7.0 rc3
drupaleq7.0 alpha1
drupaleq7.3
drupaleq7.8

Name	Operator	Version
drupal	eq	7.0 alpha5
drupal	eq	7.0 dev
drupal	eq	7.0 alpha7
drupal	eq	7.0 rc2
drupal	eq	7.0 rc4
drupal	eq	7.0 beta2
drupal	eq	7.0 rc3
drupal	eq	7.0 alpha1
drupal	eq	7.3
drupal	eq	7.8