PT-2026-37139
Name of the Vulnerable Software and Affected Versions Admidio versions prior to 5.0.9 Description The 'ecard preview.php' endpoint fails to validate that the ecard template POST parameter is a safe filename before it is processed by the getEcardTemplate function. An authenticated user can exploit...