Vulnerability Database

313,825

Total vulnerabilities in the database

CVE-2012-5652

Drupal 6.x before 6.27 allows remote attackers to obtain sensitive information about uploaded files via a (1) RSS feed or (2) search result.

Published: Jan 3, 2013
Updated: Nov 9, 2025
CVE: CVE-2012-5652
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
drupal / drupal	6.0-beta2	6.0-beta2.x
drupal / drupal	6.0-rc2	6.0-rc2.x
drupal / drupal	6.2	6.2.x
drupal / drupal	6.14	6.14.x
drupal / drupal	6.24	6.24.x
drupal / drupal	6.13	6.13.x
drupal / drupal	6.0-dev	6.0-dev.x
drupal / drupal	6.25	6.25.x
drupal / drupal	6.18	6.18.x
drupal / drupal	6.0-beta4	6.0-beta4.x
drupal / drupal	6.12	6.12.x
drupal / drupal	6.0-rc3	6.0-rc3.x
drupal / drupal	6.0-rc4	6.0-rc4.x
drupal / drupal	6.4	6.4.x
drupal / drupal	6.11	6.11.x
drupal / drupal	6.0-beta1	6.0-beta1.x
drupal / drupal	6.26	6.26.x
drupal / drupal	6.7	6.7.x
drupal / drupal	6.22	6.22.x
drupal / drupal	6.8	6.8.x
drupal / drupal	6.19	6.19.x
drupal / drupal	6.1	6.1.x
drupal / drupal	6.21	6.21.x
drupal / drupal	6.17	6.17.x
drupal / drupal	6.5	6.5.x
drupal / drupal	6.10	6.10.x
drupal / drupal	6.23	6.23.x
drupal / drupal	6.6	6.6.x
drupal / drupal	6.0	6.0.x
drupal / drupal	6.15	6.15.x
drupal / drupal	6.0-beta3	6.0-beta3.x
drupal / drupal	6.16	6.16.x
drupal / drupal	6.3	6.3.x
drupal / drupal	6.0-rc1	6.0-rc1.x
drupal / drupal	6.20	6.20.x
drupal / drupal	6.9	6.9.x

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime