CVE-2024-9981

The ee-class from FormosaSoft does not properly validate a specific page parameter, allowing remote attackers with regular privileges to upload a malicious PHP file first and then exploit this vulnerability to include the file, resulting in arbitrary code execution on the server. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt