Description
Drupal 6.x before 6.27 allows remote attackers to obtain sensitive information about uploaded files via a (1) RSS feed or (2) search result.
Remediation
References
Related Vulnerabilities
WordPress Plugin WordPress Video Player Multiple SQL Injection Vulnerabilities (1.5.16)
WordPress Plugin DW Mega Menu Cross-Site Request Forgery (1.0.1)
Jboss EAP Incorrect Authorization Vulnerability (CVE-2017-12196)
Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-1999006)
YOURLS Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2022-0088)