Shifeiqing121

**Name of the Vulnerable Software and Affected Versions** taisan tarzan-cms versions up to 1.0.0 **Description** This issue affects the function `upload` of the file "/admin#themes" of the component Add Theme Handler. The manipulation leads to deserialization. The attack may be initiated remotely. **Recommendations** For taisan tarzan-cms versions up to 1.0.0, consider disabling the `upload` function of the Add Theme Handler component until a patch is available. Restrict access to the "/admin#themes" endpoint to minimize the risk of exploitation.