The filefield_file_download function in FileField 6.x-3.1, a module for Drupal, does not properly check node-access permissions for Drupal core private files, which allows remote attackers to access unauthorized files via unspecified vectors.
References
Link | Resource |
---|---|
http://drupal.org/files/issues/filefield-node-access-fix-516104-3.patch | Patch |
http://drupal.org/node/516104 | Issue Tracking Patch Third Party Advisory |
http://drupal.org/node/609874 | Release Notes |
http://drupal.org/node/611128 | Patch Third Party Advisory |
http://secunia.com/advisories/37130 | Broken Link Third Party Advisory |
http://www.securityfocus.com/bid/36792 | Broken Link Patch Third Party Advisory VDB Entry |
https://exchange.xforce.ibmcloud.com/vulnerabilities/53897 | Third Party Advisory VDB Entry |
Configurations
History
No history.
Information
Published : 2009-10-26 17:30
Updated : 2024-02-02 02:10
NVD link : CVE-2009-3781
Mitre link : CVE-2009-3781
CVE.ORG link : CVE-2009-3781
JSON object : View
Products Affected
quicksketch
- filefield
CWE
CWE-862
Missing Authorization