2008-10-29 15:00:00
mitre
PUBLISHED
The core upload module in Drupal 5.x before 5.11 allows remote authenticated users to bypass intended access restrictions and read "files attached to content" via unknown vectors.