Crafted URL allows downloading of BLOBs that are not visible to the user
Anonymous users can use a crafted URL to illegitimately download Files and Images. Thanks to Karl Johan Kleist who found that this had been incorrectly reported, and let the security team know.
Information for security researchers
CVE Identifier: CVE-2012-5501
Impact Subscore: 4.9
Exploitability Subscore: 10
Overall CVSS Score: 5
Credit: Alessandro SauZheR