The CDN module 6.x-2.2 and 7.x-2.2 for Drupal, when running in Origin Pull mode with the "Far Future expiration" option enabled, allows remote attackers to read arbitrary PHP files via unspecified vectors, as demonstrated by reading settings.php.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2012-08-28T16:00:00Z
Updated: 2024-09-17T02:56:29.222Z
Reserved: 2012-03-12T00:00:00Z
Link: CVE-2012-1645
Vulnrichment
No data.
NVD
Status : Modified
Published: 2012-08-28T17:55:03.577
Modified: 2024-11-21T01:37:23.057
Link: CVE-2012-1645
Redhat
No data.