Product
An authenticated attacker can exploit a path traversal vulnerability (GHSA-hgjx-r89m-m7v4) in FacturaScripts versions 2025 through 2026.2's file upload functionality to write arbitrary files outside intended directories, leading to remote code execution as the web-server user.