CVE-2023-32679
Craft CMS is vulnerable to Remote Code Execution due to lack of file extension validation in template resolution (name parameter handling in View.php). Exploitation requires admin privileges on an environment configured for development/staging/production (e.g., ALLOW_ADMIN_CHANGES=true). The issu...