Project: Taxonomy File Tree
Security risk: *Moderately critical* 13∕25
Vulnerability: Access bypass
Taxonomy File Tree allows site managers to create file trees.
For files managed as Drupal files, the module does not properly check that a
user has access to a file before letting the user download the file.
This vulnerability only affects sites that use private files.
Install the latest version:
* If you use the Taxonomy File Tree module for Drupal 7.x, upgrade to Taxonomy File Tree 7.x-1.1
Also see the Taxonomy File Tree project page.