Unrated severityNVD Advisory· Published Oct 31, 2012· Updated Apr 29, 2026

CVE-2012-4495

Description

The Mime Mail module 6.x-1.x before 6.x-1.1 for Drupal does not properly restrict access to files outside Drupal's publish files directory, which allows remote authenticated users to send arbitrary files as attachments.

Affected products

Mime Mail Module Project/Mimemail12 versions
cpe:2.3:a:mime_mail_module_project:mimemail:6.x-1.0:*:*:*:*:*:*:*+ 11 more
- cpe:2.3:a:mime_mail_module_project:mimemail:6.x-1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mime_mail_module_project:mimemail:6.x-1.0:alpha1:*:*:*:*:*:*
- cpe:2.3:a:mime_mail_module_project:mimemail:6.x-1.0:alpha2:*:*:*:*:*:*
- cpe:2.3:a:mime_mail_module_project:mimemail:6.x-1.0:alpha3:*:*:*:*:*:*
- cpe:2.3:a:mime_mail_module_project:mimemail:6.x-1.0:alpha4:*:*:*:*:*:*
- cpe:2.3:a:mime_mail_module_project:mimemail:6.x-1.0:alpha5:*:*:*:*:*:*
- cpe:2.3:a:mime_mail_module_project:mimemail:6.x-1.0:alpha6:*:*:*:*:*:*
- cpe:2.3:a:mime_mail_module_project:mimemail:6.x-1.0:alpha7:*:*:*:*:*:*
- cpe:2.3:a:mime_mail_module_project:mimemail:6.x-1.0:alpha8:*:*:*:*:*:*
- cpe:2.3:a:mime_mail_module_project:mimemail:6.x-1.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:mime_mail_module_project:mimemail:6.x-1.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:mime_mail_module_project:mimemail:6.x-1.x:dev:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

drupal.org/node/1719446nvdPatch
drupal.org/node/1719482nvdPatchVendor Advisory
drupalcode.org/project/mimemail.git/commitdiff/ae065d1nvd
www.openwall.com/lists/oss-security/2012/10/04/6nvd
www.openwall.com/lists/oss-security/2012/10/07/1nvd
www.securityfocus.com/bid/54914nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000