Home > Vulnerability Database > CVE-2011-2726

Mend.io Vulnerability Database

CVE-2011-2726

Good to know:

Date: November 15, 2019

An access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site has the ability to attach File upload fields to any entity type in the system or has the ability to point individual File upload fields to the private file directory in comments, and the parent node is denied access, non-privileged users can still download the file attached to the comment if they know or guess its direct URL.

Language: PHP

Severity Score

7.5

Related Resources (8)

Url: http://www.openwall.com/lists/oss-security/2012/03/20/14

Url: https://access.redhat.com/security/cve/cve-2011-2726

Url: https://www.drupal.org/node/1231510

Url: http://www.openwall.com/lists/oss-security/2012/03/19/10

Url: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2726

Url: https://nvd.nist.gov/vuln/detail/CVE-2011-2726

Url: https://security-tracker.debian.org/tracker/CVE-2011-2726

Url: https://www.mend.io/vulnerability-database/CVE-2011-2726

Severity Score

7.5

Weakness Type (CWE)

Incorrect Authorization

CWE-863

Top Fix

Upgrade Version

Upgrade to version 7.5

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2011-2726

Good to know:

Date: November 15, 2019

Language: PHP

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?