2. Fixed: Default Admin Security (the admin:admin account is now disabled once another administrator is created).
3. Fixed: Information Disclosure (sensitive team data is now filtered out for non-admins).
4. Fixed: Denial of Service (added type-safe password checks and error handling for hashing functions).
5. Fixed: SQL Injection (implemented SCHEMA_WHITELIST for database restore validation).
6. Fixed: Path Traversal (sanitized filenames for administrative file uploads).
7. Preserved: Predictable File URLs (kept as an intentional vulnerability for CTF participants).
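Allow-list validation of the kind fixes 5 and 6 describe, as an added Python example that is not the project's own code: the contents of SCHEMA_WHITELIST, the users table layout and the file-name rule are assumptions made for the demo.

```python
import re
import sqlite3

# Constructed whitelist: the page names SCHEMA_WHITELIST but not its contents.
SCHEMA_WHITELIST = frozenset({"users", "teams", "submissions"})
# Plain file name only: no separators, no leading dot, bounded length (assumed rule).
SAFE_UPLOAD_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,99}")

class ValidationError(ValueError):
    """Raised when request input fails an allow-list check."""

def validate_table_name(name: str) -> str:
    # Identifiers cannot be bound as query parameters, so the only safe
    # option is an exact match against a closed list of known tables.
    if name not in SCHEMA_WHITELIST:
        raise ValidationError(f"table not permitted for restore: {name!r}")
    return name

def restore_rows(conn: sqlite3.Connection, table: str, rows: list) -> int:
    """Insert rows into a whitelisted table; values go through bind parameters."""
    table = validate_table_name(table)
    if not rows:
        return 0
    placeholders = ", ".join("?" * len(rows[0]))
    # Safe to interpolate: the identifier is a literal taken from SCHEMA_WHITELIST.
    with conn:
        conn.executemany(f'INSERT INTO "{table}" VALUES ({placeholders})', rows)
    return len(rows)

def sanitize_upload_name(filename: str) -> str:
    """Keep the last path component and reject anything but a plain file name."""
    base = re.split(r"[\\/]", filename)[-1]  # drop directories, either separator
    if base in {".", ".."} or not SAFE_UPLOAD_NAME.fullmatch(base):
        raise ValidationError(f"unacceptable upload name: {filename!r}")
    return base

def accepts(validator, value) -> bool:
    """True if the validator passes the value, False if it raises ValidationError."""
    try:
        validator(value)
        return True
    except ValidationError:
        return False

def demo_restore() -> int:
    """Restore two constructed rows into an in-memory table; returns the row count."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    restore_rows(conn, "users", [(1, "alice"), (2, "bob")])
    return conn.execute("SELECT COUNT(*) FROM users").fetchone()[0]
```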