CVE-2025-8120 — Due to client-controlled permission check parameter, PAD CMS's upload photo functionality allows an unauthenticated remote attacker to upload files of any type and extension without restriction, w — CVE Database · The Intelligence Room