CVE-2012-0827

Published: Oct 28, 2013Modified: Apr 29, 2026

3.5

Vector

AV:N/AC:M/Au:S/C:P/I:N/A:N

Exploitability: 6.8 / Impact: 2.9

Source: NVD

Description

The File module in Drupal 7.x before 7.11, when using unspecified field access modules, allows remote authenticated users to read arbitrary private files that are associated with restricted fields via unspecified vectors.

Affected (27)

Products: Drupal: Drupal

Drupal

1 product

Drupal

Configuration A

27 vulnerable

Vulnerable Software	Affected Versions
Drupal Drupal	Version 7.0
Drupal Drupal	Version 7.0 alpha1
Drupal Drupal	Version 7.0 alpha2
Drupal Drupal	Version 7.0 alpha3
Drupal Drupal	Version 7.0 alpha4
Drupal Drupal	Version 7.0 alpha5
Drupal Drupal	Version 7.0 alpha6
Drupal Drupal	Version 7.0 alpha7
Drupal Drupal	Version 7.0 beta1
Drupal Drupal	Version 7.0 beta2
Drupal Drupal	Version 7.0 beta3
Drupal Drupal	Version 7.0 dev
Drupal Drupal	Version 7.0 rc1
Drupal Drupal	Version 7.0 rc2
Drupal Drupal	Version 7.0 rc3
Drupal Drupal	Version 7.0 rc4
Drupal Drupal	Version 7.10
Drupal Drupal	Version 7.1
Drupal Drupal	Version 7.2
Drupal Drupal	Version 7.3
Drupal Drupal	Version 7.4
Drupal Drupal	Version 7.5
Drupal Drupal	Version 7.6
Drupal Drupal	Version 7.7
Drupal Drupal	Version 7.8
Drupal Drupal	Version 7.9
Drupal Drupal	Version 7.x-dev

Related CWEs

CWE-264

References (2)

https://drupal.org/node/1425084

Source: secalert@redhat.com

PatchVendor Advisory

https://drupal.org/node/1425084

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.