Access bypass in Drupal - CVE-2012-0827
Published: September 15, 2016
Vulnerability identifier: #VU476
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2012-0827
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Drupal
Affected software:
Drupal
Drupal
Detailed vulnerability description
The vulnerability allows a remote user to become allowed to download information.
The weakness exists due to access control error. Combined using of private files and field access modules helps unallowed users to get permission from File module to download files.
Successful exploitation of the vulnerability allows user to download files on the certain fields.
The weakness exists due to access control error. Combined using of private files and field access modules helps unallowed users to get permission from File module to download files.
Successful exploitation of the vulnerability allows user to download files on the certain fields.
How to mitigate CVE-2012-0827
Update 7.x to 7.11.
https://www.drupal.org/node/1425092
https://www.drupal.org/node/1425092