Exponent CMS before 2.6.0 has improper input validation in fileController.php. Date published : 2020-12-30 https://exponentcms.lighthouseapp.com/projects/61783/