CVE-2024-25006
CVE-2024-25006 affects XenForo prior to 2.2.14. An authenticated user with permission to administer styles can trigger a Directory Traversal vulnerability when using a Styles Import ZIP, potentially exposing file access with writeable context. The entry notes a high severity (CVSS v3.1: 8.1, AV:N...