The CDN module 6.x-2.2 and 7.x-2.2 for Drupal, when running in Origin Pull mode with the "Far Future expiration" option enabled, allows remote attackers to read arbitrary PHP files via unspecified vectors, as demonstrated by reading settings.php.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2012-08-28T16:00:00Z

Updated: 2024-09-17T02:56:29.222Z

Reserved: 2012-03-12T00:00:00Z

Link: CVE-2012-1645

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2012-08-28T17:55:03.577

Modified: 2024-11-21T01:37:23.057

Link: CVE-2012-1645

cve-icon Redhat

No data.