CVE-2026-41202
The CVE describes a Zip Slip/quasi-directory-traversal in ci4ms Backup::restore for ci4ms (CodeIgniter 4-based CMS skeleton). Before v0.31.5.0, restoring uploaded ZIP archives does not validate entry names, allowing an authenticated backend user with backup-create permission to write files outsid...