Arbitrary File Upload
Overview Affected versions of this package are vulnerable to Arbitrary File Upload via the addImageAction process. An attacker can execute arbitrary code on the server by uploading a file with executable extensions disguised as an image, bypassing MIME type validation. This is only exploitable if...