Unrated severityNVD Advisory· Published Dec 1, 2014· Updated May 6, 2026
CVE-2014-9156
CVE-2014-9156
Description
The FileField module 6.x-3.x before 6.x-3.13 for Drupal does not properly check permissions to view files, which allows remote authenticated users with permission to create or edit content to read private files by attaching an uploaded file.
Affected products
1- cpe:2.3:a:filefield_project:filefield:*:*:*:*:*:drupal:*:*Range: <=6.x-3.12
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- cgit.drupalcode.org/filefield/commit/nvdVendor Advisory
- www.drupal.org/node/2304517nvdVendor Advisory
- www.drupal.org/node/2304561nvdVendor Advisory
News mentions
0No linked articles in our index yet.