Vendor
A path traversal vulnerability in Chyrp Lite blogging engine prior to version 2026.01 allows an administrator or a user with Change Settings permission to download arbitrary files, including configuration files containing database credentials, and overwrite critical system files, leading to remote code execution.