Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Read via download_file Function vulnerability
24 March, 2025
Authenticated (Admin+) PHP Object Injection via form_data Parameter vulnerability
24 March, 2025
Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Deletion via admin_log_page Function vulnerability
24 March, 2025
Authenticated (Administrator+) ServerSide Request Forgery via validate_file Function vulnerability
24 March, 2025
Deserialization of untrusted data vulnerability
22 April, 2024