* Advisory ID: DRUPAL-SA-CONTRIB-2017-045
* Project: Webform Multiple File Upload (third-party module)
* Version: 7.x
* Date: 2017-May-10
* Security risk: 10/25 ( Moderately Critical)
* Vulnerability: Access bypass
This module enables you to upload multiple files at once in a webform.
The module doesn't sufficiently check access to file deletion urls.
This vulnerability is mitigated by the fact that an attacker must have a role
with the permission to edit all or their own webform submissions.
* webform_multifile 7.x-1.x versions prior to 7.x-1.5.
Drupal core is not affected. If you do not use the contributed Webform
Multiple File Upload  module, there is nothing you need to do.
Install the latest version:
* If you use the Webform Multiple File Upload module for Drupal 7.x,
to Webform Multiple File Upload 7.x-1.6
Also see the Webform Multiple File Upload project page: https://www.drupal.org/project/webform_multifile