Primary

Context

Drupal Download All Files Missing Authorization Vulnerability Allowing Forceful Browsing

Vulnerability

A missing authorization vulnerability has been identified in the Drupal Download All Files module, versions prior to 2.0.2. This vulnerability allows for forceful browsing, enabling users to download files they should not have access to.

Impact

Exploitation of this vulnerability could lead to unauthorized file downloads, allowing users to access files they are not permitted to.

Remediation

Users of the Download All Files module should upgrade to version 2.0.2.

Added: Sep 1, 2025, 7:22 PM

Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Drupal Download All Files Missing Authorization Vulnerability Allowing Forceful Browsing

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating