Unknown · Dreamer CMS · CVE-2024-3311
**Name of the Vulnerable Software and Affected Versions**
Dreamer CMS versions up to 4.1.3.0
**Description**
A critical vulnerability has been found in the `ZipUtils.unZipFiles` function, in the file `controller/admin/ThemesController.java`. It leads to path traversal and can be exploited remotely. The issue has been publicly disclosed and may be used for attacks.
**Recommendations**
For Dreamer CMS versions up to 4.1.3.0, upgrade to version 4.1.3.1 to address this issue. As a temporary workaround, consider disabling the `ZipUtils.unZipFiles` function until the patch is applied. Restrict access to the `ThemesController.java` file to minimize the risk of exploitation.
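
An extraction routine that confines every archive entry to its target directory, shown as an added example and not Dreamer CMS code or its 4.1.3.1 patch. It assumes the traversal arises from archive entry names that resolve outside the extraction directory, which the page does not state; `SafeUnzip` and `extract` are hypothetical names, and the archive in `main` is constructed test data.

```java
import java.io.*;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.zip.*;

// Added example, not Dreamer CMS code; SafeUnzip and extract() are hypothetical names.
public final class SafeUnzip {
    /** Extracts the archive under targetDir and rejects entries that resolve outside it. */
    public static void extract(InputStream zipStream, Path targetDir) throws IOException {
        Files.createDirectories(targetDir);
        Path root = targetDir.toRealPath(); // canonical root, symlinks resolved
        try (ZipInputStream zin = new ZipInputStream(zipStream)) {
            ZipEntry entry;
            while ((entry = zin.getNextEntry()) != null) {
                // normalize() collapses ".." segments; an absolute name replaces root entirely
                Path dest = root.resolve(entry.getName()).normalize();
                // startsWith compares whole path elements, not string prefixes
                if (!dest.startsWith(root)) {
                    throw new IOException("entry escapes target directory: " + entry.getName());
                }
                if (entry.isDirectory()) {
                    Files.createDirectories(dest);
                } else {
                    Files.createDirectories(dest.getParent());
                    Files.copy(zin, dest); // fails if the file exists, so nothing is overwritten
                }
            }
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed test archive: one ordinary entry and one whose name climbs out of the target.
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ZipOutputStream zout = new ZipOutputStream(buf)) {
            for (String name : new String[] {"theme/index.html", "../outside.txt"}) {
                zout.putNextEntry(new ZipEntry(name));
                zout.write("sample".getBytes());
                zout.closeEntry();
            }
        }
        Path target = Files.createTempDirectory("themes");
        try {
            extract(new ByteArrayInputStream(buf.toByteArray()), target);
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        System.out.println("theme/index.html extracted: " + Files.exists(target.resolve("theme/index.html")));
    }
}
```

The check happens before anything is written for an entry, so a rejected archive leaves only the entries that preceded the offending one; extracting into a fresh temporary directory and moving it into place on success avoids partial installs.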