Unrated severityNVD Advisory· Published Aug 28, 2012· Updated Jun 16, 2026
CVE-2012-1645
CVE-2012-1645
Description
The CDN module 6.x-2.2 and 7.x-2.2 for Drupal, when running in Origin Pull mode with the "Far Future expiration" option enabled, allows remote attackers to read arbitrary PHP files via unspecified vectors, as demonstrated by reading settings.php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3Patches
Vulnerability mechanics
References
8- drupal.org/node/1441482nvdPatch
- drupalcode.org/project/cdn.git/commitdiff/cd2a5ffnvdPatch
- drupalcode.org/project/cdn.git/commitdiff/eca85e6nvdPatch
- drupal.org/node/1441502nvdPatchVendor Advisory
- secunia.com/advisories/48032nvdVendor Advisory
- drupal.org/node/1441480nvd
- www.openwall.com/lists/oss-security/2012/04/07/1nvd
- www.osvdb.org/79317nvd
News mentions
0No linked articles in our index yet.