PT-2026-38221 · Vvveb · Vvveb

Basant Kumar +2

Published: 2026-05-06 · Updated: 2026-05-06

CVE-2026-41934

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Vvveb versions prior to 1.0.8.2

Description

The admin code editor allows authenticated users with low privileges, such as editor, author, contributor, or site admin roles, to execute arbitrary code. This is possible due to insufficient file extension restrictions, enabling attackers to write a malicious .htaccess file to map arbitrary extensions to the PHP handler. Subsequently, PHP code can be uploaded using those extensions to achieve remote code execution when the file is accessed via HTTP.

Recommendations

Update to version 1.0.8.2 or later.
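
A defender's audit for the condition in the description, added here as an example and not taken from the advisory or from Vvveb's code: it flags `.htaccess` directives that route anything other than `.php` files to a PHP handler. The function names, the `EXPECTED_PHP_EXTS` allow-list and the sample text are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# AddHandler/AddType bind listed extensions; SetHandler/ForceType bind every file in scope.
EXT_DIRECTIVE = re.compile(r"^\s*(AddHandler|AddType)\s+(\S+)\s+(.+)$", re.I)
ALL_DIRECTIVE = re.compile(r"^\s*(SetHandler|ForceType)\s+(\S+)", re.I)
EXPECTED_PHP_EXTS = {"php"}  # assumption: only .php should ever run as PHP


def audit_htaccess(text):
    """Return (line_no, directive, extensions) for lines that route non-.php files to PHP."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        if raw.lstrip().startswith("#"):  # Apache comments are whole lines
            continue
        m = EXT_DIRECTIVE.match(raw)
        if m and "php" in m.group(2).lower():
            exts = {e.lstrip(".").lower() for e in m.group(3).split()}
            extra = sorted(exts - EXPECTED_PHP_EXTS)
            if extra:
                findings.append((no, m.group(1), extra))
            continue
        m = ALL_DIRECTIVE.match(raw)
        if m and "php" in m.group(2).lower():
            findings.append((no, m.group(1), ["*"]))  # "*" = every file in scope
    return findings


def scan_tree(root):
    """Audit every .htaccess under root; return {path: findings} for files with hits."""
    report = {}
    for path in Path(root).rglob(".htaccess"):
        hits = audit_htaccess(path.read_text(encoding="utf-8", errors="replace"))
        if hits:
            report[str(path)] = hits
    return report


# Constructed sample for demonstration; not taken from the advisory.
SAMPLE = """\
AddType application/x-httpd-php .txt .png
<FilesMatch "\\.css$">
    SetHandler application/x-httpd-php
</FilesMatch>
AddType text/css .css
"""

if __name__ == "__main__":
    print(audit_htaccess(SAMPLE))
```

Run `scan_tree` over the web root of an installation older than 1.0.8.2 and review any hit in a directory the code editor can write to.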

Fix · RCE

Weakness Enumeration: Incomplete List of Disallowed Inputs

Related Identifiers: CVE-2026-41934

Affected Products: Vvveb