2. Fixed: Default Admin Security (the admin:admin account is now disabled once another administrator is created).
3. Fixed: Information Disclosure (sensitive team data is now filtered out for non-admins).
4. Fixed: Denial of Service (added type-safe password checks and error handling for hashing functions).
5. Fixed: SQL Injection (implemented SCHEMA_WHITELIST for database restore validation).
6. Fixed: Path Traversal (sanitized filenames for administrative file uploads).
7. Preserved: Predictable File URLs (kept as an intentional vulnerability for CTF participants).
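
The whitelist check behind the SQL Injection fix, sketched as an added example (not the project's code): table and column names in a restore cannot be bound as query parameters, so they are checked against `SCHEMA_WHITELIST` before any SQL is built. The backup shape (a dict of table name to rows), the table and column names, the helper names and the use of `sqlite3` are assumptions.

```python
import sqlite3

# Assumed shape: table name -> columns a restore may write. The name
# SCHEMA_WHITELIST is from the changelog; the contents are constructed.
SCHEMA_WHITELIST = {
    "teams": {"id", "name", "score"},
    "challenges": {"id", "title", "points"},
}


def validate_backup(backup):
    """Reject any table or column name that is not in SCHEMA_WHITELIST."""
    for table, rows in backup.items():
        allowed = SCHEMA_WHITELIST.get(table)
        if allowed is None:
            raise ValueError(f"table not allowed in restore: {table!r}")
        for row in rows:
            extra = set(row) - allowed
            if not row or extra:
                raise ValueError(f"bad columns for {table!r}: {sorted(extra)!r}")


def restore(conn, backup):
    """Validate the whole backup first, then insert; returns rows written."""
    validate_backup(backup)
    written = 0
    with conn:  # one transaction: commit on success, roll back on error
        for table, rows in backup.items():
            for row in rows:
                cols = sorted(row)
                # Identifiers are interpolated only after the whitelist
                # check; values are always bound as parameters.
                sql = 'INSERT INTO "{}" ({}) VALUES ({})'.format(
                    table,
                    ", ".join('"{}"'.format(c) for c in cols),
                    ", ".join("?" for _ in cols),
                )
                conn.execute(sql, [row[c] for c in cols])
                written += 1
    return written


def make_db():
    """Constructed in-memory schema matching the whitelist above."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE teams (id INTEGER PRIMARY KEY, name TEXT, score INTEGER)")
    conn.execute("CREATE TABLE challenges (id INTEGER PRIMARY KEY, title TEXT, points INTEGER)")
    return conn
```

Validation runs over the entire backup before the first insert, so a rejected file leaves the database untouched.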