CVE-2012-0827

The File module in Drupal 7.x before 7.11, when using unspecified field access modules, allows remote authenticated users to read arbitrary private files that are associated with restricted fields via unspecified vectors.

Published: Oct 28, 2013
Updated: Apr 13, 2023
CVE: CVE-2012-0827
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 3.5
AV:N/AC:M/Au:S/C:P/I:N/A:N

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
drupal / drupal	7.0-alpha5	7.0-alpha5.x
drupal / drupal	7.0-dev	7.0-dev.x
drupal / drupal	7.0-alpha7	7.0-alpha7.x
drupal / drupal	7.0-rc2	7.0-rc2.x
drupal / drupal	7.0-rc4	7.0-rc4.x
drupal / drupal	7.0-beta2	7.0-beta2.x
drupal / drupal	7.0-rc3	7.0-rc3.x
drupal / drupal	7.0-alpha1	7.0-alpha1.x
drupal / drupal	7.3	7.3.x
drupal / drupal	7.8	7.8.x
drupal / drupal	7.0-alpha4	7.0-alpha4.x
drupal / drupal	7.5	7.5.x
drupal / drupal	7.10	7.10.x
drupal / drupal	7.6	7.6.x
drupal / drupal	7.9	7.9.x
drupal / drupal	7.0-rc1	7.0-rc1.x
drupal / drupal	7.0-beta3	7.0-beta3.x
drupal / drupal	7.4	7.4.x
drupal / drupal	7.x-dev	7.x-dev.x
drupal / drupal	7.0-alpha2	7.0-alpha2.x
drupal / drupal	7.0-alpha6	7.0-alpha6.x
drupal / drupal	7.0	7.0.x
drupal / drupal	7.0-beta1	7.0-beta1.x
drupal / drupal	7.1	7.1.x
drupal / drupal	7.7	7.7.x
drupal / drupal	7.0-alpha3	7.0-alpha3.x
drupal / drupal	7.2	7.2.x

https://drupal.org/node/1425084

Vulnerability Database

290,020

CVE-2012-0827