Byteafterlife

**Name of the Vulnerable Software and Affected Versions** FileBrowser Quantum versions prior to 1.1.3-stable FileBrowser Quantum versions prior to 1.2.6-beta **Description** FileBrowser Quantum is a self-hosted, web-based file manager. Prior to versions 1.1.3-stable and 1.2.6-beta, a flaw existed where password-protected file shares could be bypassed, allowing unauthorized download access. The issue stemmed from the API returning a direct download link within the share details, accessible with only the share link, circumventing the password requirement. The vulnerable API endpoint provides access to the file without authentication. The `share link` is the vulnerable parameter. **Recommendations** Update to FileBrowser Quantum version 1.1.3-stable or later. Update to FileBrowser Quantum version 1.2.6-beta or later.