CVE-2011-4972

Published: 2019-11-13T21:15Z

Last Modified: 2024-11-21T01:33Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

hook_file_download in the CKEditor module 7.x-1.4 for Drupal does not properly restrict access to private files, which allows remote attackers to read private files via a direct request. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt