Unrated severityNVD Advisory· Published Aug 28, 2012· Updated Apr 29, 2026

CVE-2012-1645

Description

The CDN module 6.x-2.2 and 7.x-2.2 for Drupal, when running in Origin Pull mode with the "Far Future expiration" option enabled, allows remote attackers to read arbitrary PHP files via unspecified vectors, as demonstrated by reading settings.php.

Affected products

Wimleers/Cdn2 versions
cpe:2.3:a:wimleers:cdn:6.x-2.2:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:wimleers:cdn:6.x-2.2:*:*:*:*:*:*:*
- cpe:2.3:a:wimleers:cdn:7.x-2.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

drupal.org/node/1441482nvdPatch
drupalcode.org/project/cdn.git/commitdiff/cd2a5ffnvdPatch
drupalcode.org/project/cdn.git/commitdiff/eca85e6nvdPatch
drupal.org/node/1441502nvdPatchVendor Advisory
secunia.com/advisories/48032nvdVendor Advisory
drupal.org/node/1441480nvd
www.openwall.com/lists/oss-security/2012/04/07/1nvd
www.osvdb.org/79317nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000