Tag
CI4MS versions before 0.31.4.0 are vulnerable to unauthenticated takeover due to a flawed install route guard that allows overwriting the .env file with attacker-controlled database credentials when the database is temporarily unreachable.