CVE-2022-39367
Summary of CVE-2022-39367 (QTIWorks) : Prior to version 1.0-beta15, QTIWorks Engine allows uploading QTI content ZIP packages. The ZIP handling code does not properly validate file paths inside ZIPs, enabling insertion of files into arbitrary locations writable by the Engine process and potential...