## https://sploitus.com/exploit?id=B028FA83-B140-5DC7-B7BA-034A954E7091
# CVE-2026-37065
Veno File Manager Project 4.4.9 is vulnerable to Arbitrary File Deletion.
To exploit the vulnerability, an authenticated attacker with the role of superadmin can send a specially crafted POST request to the affected endpoint using the url parameter remove to control the file to be deleted. No user interaction necessary. If deleted files are root index.php, for example, the application stops working.
https://github.com/user-attachments/assets/5fcf2bd6-cdb3-4758-8d2d-aa491eaadab3