Privilege escalation to root can be achieved by a regular user via the password reset form exploiting a directory traversal vulnerability.| cardaci.xyz
Privilege escalation to root can be achieved by a regular user via the file upload handler exploiting an insufficient shell escaping mechanism.| cardaci.xyz
The insufficient output sanitization and inappropriate content type of the responses of the file manager API allows to run arbitrary JavaScript code in the context of the web application.| cardaci.xyz