Arvin

**Name of the Vulnerable Software and Affected Versions** kalvinGit kvf-admin up to f12a94dc1ebb7d1c51ee978a85e4c7ed75c620ff **Description** A critical issue has been found in the `fileUpload` function of the `FileUploadKit.java` file, allowing for unrestricted upload by manipulating the `file` argument. This can be initiated remotely. The exploit has been publicly disclosed and may be used. **Recommendations** As a temporary workaround, consider disabling the `fileUpload` function until a patch is available. Restrict access to the `FileUploadKit.java` file to minimize the risk of exploitation. Avoid using the `file` argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.