CVE-2025-69770
MojoPortal CMS v2.9.0.1 is affected by a zip-slip vulnerability in the /DesignTools/SkinList.aspx endpoint that allows arbitrary command execution via uploaded crafted ZIP files. The issue arises from improper ZIP handling, enabling unintended file extraction with high impact (CVE-2025-69770). Re...