CVE-2013-0246

The Image module in Drupal 7.x before 7.19, when a private file system is used, does not properly restrict access to derivative images, which allows remote attackers to read derivative images of otherwise restricted images via unspecified vectors.

Date published : 2013-07-16

https://drupal.org/SA-CORE-2013-001

http://seclists.org/fulldisclosure/2013/Jan/120