## https://sploitus.com/exploit?id=B8B07DAE-91EC-5A54-AEB8-A14E5FEC47EF
# CVE-2026-37071
Arbitrary File Rename Leading to Privilege Escalation in
Actions::renameFile() function in Veno File Manager Project 4.4.9
allows an authenticated attacker with 'reanme' permission to take over
the super administrator account via a specially crafted POST request to
the affected endpoint renaming the application configuration file and
triggering a rebuild of configuration and resetting super administrator
credentials to default values.
https://github.com/user-attachments/assets/c729b835-3285-4853-8fe2-a485bc88ab79