Drupal is vulnerable to authorization bypass. Through the File module, attackers are able to view, delete, or substitute links to a file uploaded to a form that has yet to be processed. If this attack is done continuously, file uploads to the application may be blocked by deleting files before they can be saved.