LOW
AREA 17
CVE published 2026-07-13
CVE-2026-15518
A vulnerability was found in AREA 17 Twill CMS up to 3.6.0, affecting the FileLibraryController::storeFile function in src/Http/Controllers/Admin/FileLibraryController.php. This allows for unrestricted upload by manipulating the qqfilename argument. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not [truncated]