Product
A Cross-Site Request Forgery (CSRF) vulnerability in Cotonti Siena versions 0.9.26 and earlier allows unauthenticated attackers to modify administrator configuration by tricking a logged-in administrator into submitting a forged POST request, enabling the upload and execution of arbitrary PHP files leading to remote code execution.