First published: Wed Nov 13 2019
hook_file_download in the CKEditor module 7.x-1.4 for Drupal does not properly restrict access to private files, which allows remote attackers to read private files via a direct request.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Ckeditor Ckeditor | =7.x-1.4 | |
The severity of CVE-2011-4972 is high.
The affected software for CVE-2011-4972 is CKEditor module 7.x-1.4 for Drupal.
CVE-2011-4972 allows remote attackers to read private files on Drupal websites.
Fixes for CVE-2011-4972 are available on the Drupal website.
You can find more information about CVE-2011-4972 on the Drupal website and Openwall.