CVE-2014-9156

The FileField module 6.x-3.x before 6.x-3.13 for Drupal does not properly check permissions to view files, which allows remote authenticated users with permission to create or edit content to read private files by attaching an uploaded file.
Configurations

Configuration 1 (hide)

cpe:2.3:a:filefield_project:filefield:*:*:*:*:*:drupal:*:*

History

No history.

Information

Published : 2014-12-01 16:59

Updated : 2024-02-28 12:20


NVD link : CVE-2014-9156

Mitre link : CVE-2014-9156

CVE.ORG link : CVE-2014-9156


JSON object : View

Products Affected

filefield_project

  • filefield
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor