Vigil@nce - Drupal FileField Sources: file reading
November 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use Drupal FileField Sources, in order to obtain
sensitive information.
Impacted products: Drupal Modules
Severity: 2/4
Creation date: 31/10/2013
DESCRIPTION OF THE VULNERABILITY
The FileField Sources module is used to process files.
However, access permissions to existing files are not checked.
An attacker can therefore use Drupal FileField Sources, in order
to obtain sensitive information.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Drupal-FileField-Sources-file-reading-13677