[Security-news] Advanced File Destination - Critical - Multiple vulnerabilities - SA-CONTRIB-2025-057
security-news at drupal.org
security-news at drupal.org
Wed May 14 18:04:32 UTC 2025
View online: https://www.drupal.org/sa-contrib-2025-057
Project: Advanced File Destination [1]
Date: 2025-May-14
Security risk: *Critical* 15 ∕ 25 Critical 16 ∕ 25
AC:Complex/A:Admin/CI:All/II:All/E:Theoretical/TD:All [2]
Vulnerability: Multiple vulnerabilities
Affected versions: *
Description:
The Advanced File Destination module enhances file upload management in
Drupal by allowing users to choose and create custom directories during file
uploads.
The module has multiple vulnerabilities that were reported through the Drupal
Security Team's coordinated vulnerability process. The project maintainer did
not follow the terms and conditions for hosting projects on drupal.org that
are opted into security coverage, so the module is losing its security
coverage. The private issues may be made public at the discretion of the
reporter and maintainer.
[1] https://www.drupal.org/project/advanced_file_destination
[2] https://www.drupal.org/security-team/risk-levels
More information about the Security-news
mailing list