2012-10-31 16:00:00
redhat
PUBLISHED
The Mime Mail module 6.x-1.x before 6.x-1.1 for Drupal does not properly restrict access to files outside Drupals publish files directory, which allows remote authenticated users to send arbitrary files as attachments.