Tag
A critical vulnerability exists in ci4ms Theme::upload, where improper validation of ZIP archive entry names allows authenticated users with theme creation permissions to write files to arbitrary locations, leading to remote code execution.