CVE-2021-33199
CVE-2021-33199 affects Expression Engine prior to 6.0.3. The vulnerability resides in addonIcon in Addons/file/mod.file.php, which uses the untrusted input value input->get('file') instead of the fixed file names icon.png and icon.svg. This results in input validation issues with the addonIcon...