Greetings,
I have identified multiple critical security vulnerabilities in this application, including unauthenticated Remote Code Execution (RCE) and Authentication Bypass.
I have attempted to contact the maintainer via email (ayondip***@gmail.com and ayondip@dev*******.com) to disclose these issues privately.
This issue is opened to track the disclosure process.
Disclosure Timeline:
- Initial Contact: December 16, 2025 (Emails sent).
- Public Disclosure Date: December 23, 2025 (If no response is received).
In accordance with standard responsible disclosure guidelines, if I do not receive a response by December 23, 2025, I will proceed with public disclosure and a CVE request to ensure the community is aware of this risk."
Regards,
Nixon-H
Greetings,
I have identified multiple critical security vulnerabilities in this application, including unauthenticated Remote Code Execution (RCE) and Authentication Bypass.
I have attempted to contact the maintainer via email (
ayondip***@gmail.comandayondip@dev*******.com) to disclose these issues privately.This issue is opened to track the disclosure process.
Disclosure Timeline:
In accordance with standard responsible disclosure guidelines, if I do not receive a response by December 23, 2025, I will proceed with public disclosure and a CVE request to ensure the community is aware of this risk."
Regards,
Nixon-H