ci4-cms-erp/ci4ms Security Advisories for 0.31.4.0 (3)
- [CRITICAL] CI4MS Theme::upload is vulnerable to Zip Slip leading to RCE
  PKSA-tyjg-jzs3-mzjt CVE-2026-41203 GHSA-xv3r-vr59-95rg
  Affected version: <0.31.5.0
  Reported by: GitHub
- [CRITICAL] CI4MS Backup::restore is vulnerable to Zip Slip leading to RCE
  PKSA-2xsc-43zp-v4cr CVE-2026-41202 GHSA-xp9f-pvvc-57p4
  Affected version: <0.31.5.0
  Reported by: GitHub
- [MEDIUM] CI4MS: Backup Management Full Account Takeover for All Roles & Privilege Escalation via Stored DOM Blind XSS
  PKSA-219p-5b8k-2v2r CVE-2026-41201 GHSA-qxpq-82f3-xj47
  Affected version: <0.31.5.0
  Reported by: GitHub