Skip to content
High Published: Oct 26, 2009 Modified: Apr 09, 2025

CVE-2009-3781

7.5 CVSS Score High
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Export CVE-2009-3781 Data:
Share:
Link copied!

Description

The filefield_file_download function in FileField 6.x-3.1, a module for Drupal, does not properly check node-access permissions for Drupal core private files, which allows remote attackers to access unauthorized files via unspecified vectors.

CVSS Vector Details

Attack Vector Network
Attack Complexity Low
Confidentiality P
Integrity P
Availability P

Affected Software Configurations

  • a quicksketch filefield 6.x-3.1 * * * * drupal * *

Weaknesses (CWE)

  • CWE-862

References & External Links

External Resources

NVD Official Record Exploit-DB Search Exploits CVE Details Statistics GitHub PoC / Tools X / Twitter Discussions Google Search More

Related Vulnerabilities

CVE-2005-3623 CVSS 0 Same weakness: CWE-862 CVE-2006-4483 CVSS 0 Same weakness: CWE-862 CVE-2008-6548 CVSS 0 Same weakness: CWE-862 CVE-2009-2282 CVSS 0 Same weakness: CWE-862 CVE-2009-3168 CVSS 7.2 Same weakness: CWE-862

CVE History Timeline

Oct 27, 2009 20:25 Initial Analysis
Aug 17, 2017 01:31 CVE Modified
Feb 02, 2024 02:10 Modified Analysis
May 14, 2024 02:11 CVE Modified
Nov 21, 2024 01:08 CVE Modified
← Back to CVE Tracker