CVE-2024-25006 Information

Description

XenForo before 2.2.14 allows Directory Traversal (with write access) by an authenticated user who has permissions to administer styles and uses a ZIP archive for Styles Import.

Reference

https://xenforo.com/docs/xf2/permissions/ https://xenforo.com/tickets/BC37EB98/?v=5da7bd5728 https://xenforo.com/community/threads/xenforo-2-2-14-released.219044/