Drupal is vulnerable to authorization bypass. Through the File module, attackers are able to view, delete, or substitute links to a file uploaded to a form that has yet to be processed. If this attack is done continuously, file uploads to the application may be blocked by deleting files before they can be saved.
CPE | Name | Operator | Version |
---|---|---|---|
drupal/core | le | 8.0.3 | |
drupal/drupal | le | 8.0.3 |