View online: https://www.drupal.org/sa-contrib-2025-057

Project: Advanced File Destination [1] Date: 2025-May-14 Security risk: *Critical* 15 ∕ 25 Critical 16 ∕ 25 AC:Complex/A:Admin/CI:All/II:All/E:Theoretical/TD:All [2] Vulnerability: Multiple vulnerabilities

Affected versions: * Description:  The Advanced File Destination module enhances file upload management in Drupal by allowing users to choose and create custom directories during file uploads.

The module has multiple vulnerabilities that were reported through the Drupal Security Team's coordinated vulnerability process. The project maintainer did not follow the terms and conditions for hosting projects on drupal.org that are opted into security coverage, so the module is losing its security coverage. The private issues may be made public at the discretion of the reporter and maintainer.

[1] https://www.drupal.org/project/advanced_file_destination [2] https://www.drupal.org/security-team/risk-levels