Wolfcms · Wolf Cms · CVE-2015-6567
**Name of the Vulnerable Software and Affected Versions**
Wolf CMS versions prior to 0.8.3.1
**Description**
The issue allows for unrestricted file upload and PHP code execution due to improper validation of the `filename` parameter in the file manager, accessible at the "admin/plugin/file manager/browse/" endpoint. This can be exploited by a registered user with upload access.
**Recommendations**
For versions prior to 0.8.3.1, update to version 0.8.3.1 to resolve the issue. As a temporary workaround, consider restricting access to the file manager or disabling the upload functionality until the update can be applied.
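
The class of check the description says was missing on the `filename` parameter, as an added example: this is not Wolf CMS code and not the 0.8.3.1 fix. The function name `safe_upload_name`, the allow-list and the length limit are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumed allow-list for this example; pick the types your site actually needs.
const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif', 'pdf', 'txt'];

/**
 * Validate a client-supplied upload filename (hypothetical helper).
 * Returns the normalised name to store, or null if the upload must be rejected.
 */
function safe_upload_name(string $filename): ?string
{
    if (strlen($filename) > 100) {
        return null;
    }
    // One base name and exactly one extension. The character class excludes
    // path separators, NUL bytes and spaces; the leading alphanumeric rejects
    // dotfiles such as ".htaccess"; \z (not $) rejects a trailing newline.
    if (!preg_match('/\A([A-Za-z0-9][A-Za-z0-9_-]*)\.([A-Za-z0-9]+)\z/', $filename, $m)) {
        return null;
    }
    $ext = strtolower($m[2]);
    // Allow-list, not deny-list: "php", "phtml", "phar", "PHP" and anything
    // else not named above is refused without having to enumerate it.
    if (!in_array($ext, ALLOWED_EXTENSIONS, true)) {
        return null;
    }
    return $m[1] . '.' . $ext;
}

// Constructed sample inputs.
$samples = ['photo.JPG', 'shell.php', 'shell.php.jpg', 'shell.PhP', '.htaccess',
            '../../index.php', "image.png\n", 'notes.txt'];
foreach ($samples as $name) {
    $result = safe_upload_name($name);
    printf("%-22s => %s\n", json_encode($name, JSON_UNESCAPED_SLASHES), $result ?? 'REJECTED');
}
```

Filename validation only limits what can be stored; serving the upload directory without script execution is a separate control that still applies.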