Vulnerability Database

313,825

Total vulnerabilities in the database

CVE-2012-1591

The image module in Drupal 7.x before 7.14 does not properly check permissions when caching derivative image styles of private images, which allows remote attackers to read private image styles.

  • Published: Oct 1, 2012
  • Updated: Nov 9, 2025
  • CVE: CVE-2012-1591
  • Severity: Medium
  • Exploit:

CVSS v2:

  • Severity: Medium
  • Score: 5
  • AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

Software From Fixed in
Composer icon drupal / drupal 7.0-alpha5 7.0-alpha5.x
Composer icon drupal / drupal 7.0-dev 7.0-dev.x
Composer icon drupal / drupal 7.0-alpha7 7.0-alpha7.x
Composer icon drupal / drupal 7.0-rc2 7.0-rc2.x
Composer icon drupal / drupal 7.0-rc4 7.0-rc4.x
Composer icon drupal / drupal 7.0-beta2 7.0-beta2.x
Composer icon drupal / drupal 7.0-rc3 7.0-rc3.x
Composer icon drupal / drupal 7.0-alpha1 7.0-alpha1.x
Composer icon drupal / drupal 7.3 7.3.x
Composer icon drupal / drupal 7.8 7.8.x
Composer icon drupal / drupal 7.0-alpha4 7.0-alpha4.x
Composer icon drupal / drupal 7.13 7.13.x
Composer icon drupal / drupal 7.5 7.5.x
Composer icon drupal / drupal 7.10 7.10.x
Composer icon drupal / drupal 7.6 7.6.x
Composer icon drupal / drupal 7.12 7.12.x
Composer icon drupal / drupal 7.9 7.9.x
Composer icon drupal / drupal 7.0-rc1 7.0-rc1.x
Composer icon drupal / drupal 7.0-beta3 7.0-beta3.x
Composer icon drupal / drupal 7.4 7.4.x
Composer icon drupal / drupal 7.x-dev 7.x-dev.x
Composer icon drupal / drupal 7.0-alpha2 7.0-alpha2.x
Composer icon drupal / drupal 7.11 7.11.x
Composer icon drupal / drupal 7.0-alpha6 7.0-alpha6.x
Composer icon drupal / drupal 7.0 7.0.x
Composer icon drupal / drupal 7.0-beta1 7.0-beta1.x
Composer icon drupal / drupal 7.1 7.1.x
Composer icon drupal / drupal 7.7 7.7.x
Composer icon drupal / drupal 7.0-alpha3 7.0-alpha3.x
Composer icon drupal / drupal 7.2 7.2.x