Fabarea

**Name of the Vulnerable Software and Affected Versions** fabarea media upload versions prior to 0.9.0 **Description** A critical vulnerability has been found in the function `getUploadedFileList` of the file Classes/Service/UploadFileService.php, which leads to pathname traversal. **Recommendations** For versions prior to 0.9.0, upgrade to version 0.9.0 to address this issue. As a temporary workaround, consider disabling the `getUploadedFileList` function until the patch is applied.