Drupal 7.0 < 7.91, 8.0 < 9.3.19, 9.4.0 < 9.4.3 Information Disclosure (SA-CORE-2022-012) - Windows CVE-2022-25275

Severity
CVSSv3 Score: 7.5
Vulnerability description

Drupal is prone to an information disclosure vulnerability.

Risk description

The Image module does not correctly check access to image files that are not stored in the standard public directory when generating derivative images using the image styles system. Access to a non-public file is checked only if it is stored in the private file system. However, some contributed modules provide additional file systems, or schemes, which may lead to this vulnerability.

Recommendation

Update to version 7.91, 9.3.19, 9.4.3 or later.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Apr 26, 2023
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available