EUVD-2024-51516

Malicious code in bioql PyPI...

The vulnerability of the Drupal CMS system’s “Download All Files” module, related to the lack of authentication, allows attackers to bypass security restrictions and execute a forced browsing attack.

The vulnerability of the “Download All Files” module in Drupal systems is related to the lack of authentication. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and execute a Forceful Browsing attack...

CVE-2024-13303

Missing Authorization vulnerability in Drupal Download All Files allows Forceful Browsing.This issue affects Download All Files: from 0.0.0 before 2.0.2...

CVE-2024-13303

CVE-2024-13303 affects the Drupal module “Download All Files” (vulnerable: 0.0.0–2.0.1) and is due to a Missing Authorization flaw that enables forceful browsing to access files that should be protected. Public references confirm the issue as an access bypass vulnerability in this contrib module,...

CVE-2024-13303 Download All Files - Critical - Access bypass - SA-CONTRIB-2024-069

Missing Authorization vulnerability in Drupal Download All Files allows Forceful Browsing.This issue affects Download All Files: from 0.0.0 before 2.0.2...

Drupal Download All Files module < 2.0.2 - Unauthenticated Broken Access Control vulnerability

Unauthenticated Broken Access Control vulnerability discovered by Pierre Rudloff in WordPress Module Download All Files versions 2.0.2...

PT-2024-10085 · Drupal · Download All Files

Name of the Vulnerable Software and Affected Versions: Download All Files versions 0.0.0 through 2.0.1 Description: The issue is related to a Missing Authorization vulnerability in the Download All Files module for the Drupal CMS, which allows for Forceful Browsing. This vulnerability can be...