CVE-2026-25923
The CVE describes a vulnerability in My Little Forum (PHP/MySQL) where the URL validation fails to filter the phar:// protocol before 20260208.1. This allows an attacker to upload a malicious Phar Polyglot disguised as a JPEG, trigger Phar deserialization via BBCode [img] processing, and leverage...