cve/2013/CVE-2013-0246.md

CVE-2013-0246

Description

The Image module in Drupal 7.x before 7.19, when a private file system is used, does not properly restrict access to derivative images, which allows remote attackers to read derivative images of otherwise restricted images via unspecified vectors.

POC

Reference

• http://packetstormsecurity.com/files/119598/Drupal-Core-6.x-7.x-Cross-Site-Scripting-Access-Bypass.html

Github

No PoCs found on GitHub currently.