File Path Exposure Vulnerability in Drupal by Drupal
CVE-2023-31250
6.5MEDIUM
What is CVE-2023-31250?
This vulnerability arises from the inadequate sanitization of file paths within the file download functionality of Drupal. Exploitation of this flaw can allow users to access sensitive files that should remain private, posing a significant risk to user data and site integrity. It is crucial for Drupal administrators to review the release notes for their specific Drupal version and implement necessary configuration changes to secure their installations against this vulnerability.
Affected Version(s)
Core 7.0 < 7.96
Core 10.0 < 10.0.8
Core 9.5 < 9.5.8