CVE-2023-27060

LightCMS v1.3.7 was discovered to contain a remote code execution (RCE) vulnerability via the image:make function.

CVE-2021-27112

LightCMS v1.3.5 contains a remote code execution vulnerability in /app/Http/Controllers/Admin/NEditorController.php during the downloading of external images.