Unknown · Money Manager Ex Webapp · CVE-2024-41617
**Name of the Vulnerable Software and Affected Versions**
Money Manager EX WebApp version 1.2.2
**Description**
This is an Incorrect Access Control issue. The `redirect_if_not_loggedin` function in `functions_security.php` fails to terminate script execution after redirecting unauthenticated users, so the code that follows the call still runs for them. This flaw allows an unauthenticated attacker to upload arbitrary files, potentially leading to Remote Code Execution.
**Recommendations**
For version 1.2.2, as a temporary workaround, consider disabling the `redirect_if_not_loggedin` function in `functions_security.php` until a patch is available. Restrict access to the file upload functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
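The redirect-without-exit pattern from the description, shown next to a corrected guard and an upload handler that restricts access on its own, as an added example that is not Money Manager EX WebApp source code. The function names `redirect_only` and `redirect_and_stop`, the session key, `login.php`, the upload path, the form field name and the extension allowlist are all assumptions made for illustration.

```php
<?php
// Added illustration; not Money Manager EX WebApp source code.
// Assumed names: $_SESSION['logged_in'], login.php, UPLOAD_DIR, form field "file".
declare(strict_types=1);
session_start();

const UPLOAD_DIR  = '/var/lib/example-app/uploads';  // assumed path, outside the web root
const ALLOWED_EXT = ['png', 'jpg', 'jpeg', 'pdf'];   // assumed allowlist

function is_logged_in(): bool {
    return !empty($_SESSION['logged_in']);
}

// Flawed pattern: header() only queues a response header. The function
// returns, and whatever follows the call still runs for anonymous clients.
function redirect_only(): void {
    if (!is_logged_in()) {
        header('Location: login.php');
    }
}

// Corrected pattern: queue the redirect, then stop the script.
function redirect_and_stop(): void {
    if (!is_logged_in()) {
        header('Location: login.php', true, 302);
        exit;
    }
}

redirect_and_stop();  // calling redirect_only() here would let execution continue

// Independent check at the sensitive operation, so the upload does not
// depend on the redirect helper alone.
if (!is_logged_in()) {
    http_response_code(403);
    exit;
}

$file = $_FILES['file'] ?? null;
$ext  = strtolower(pathinfo((string) ($file['name'] ?? ''), PATHINFO_EXTENSION));
if ($file === null || $file['error'] !== UPLOAD_ERR_OK || !in_array($ext, ALLOWED_EXT, true)) {
    http_response_code(400);
    exit;
}

// Store under a random server-chosen name, never the client-supplied one.
$target = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
if (!move_uploaded_file($file['tmp_name'], $target)) {
    http_response_code(500);
}
```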