DownFile Multiple Admin Script Direct Request Authentication Bypass
Remote / Network Access
Loss of Integrity
DownFile contains a flaw that may allow a remote attacker to bypass authentication settings. The issue is triggered when directly requesting the 'update.php', 'del.php' and 'add_form.php' scripts, which may allow a remote attacker to gain access to administrative privileges resulting in a loss of integrity.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.