Vulnerability Fix Information CVE-2021-37627: - Description: Prevent privilege escalation with the form generator. - Version: 4.4.56 (2021-08-11) CVE-2021-37626: - Description: Prevent PHP file inclusion via insert tags. - Version: 4.4.56 (2021-08-11) CVE-2021-35955: - Description: Prevent XSS via HTML attributes in the back end. - Version: 4.4.56 (2021-08-11) CVE-2020-25768: - Description: Prevent insert tag injections in forms. - Version: 4.4.52 (2020-09-24) CVE-2020-27776: - Description: Prevent arbitrary file uploads in the back end. - Version: 4.4.41 (2018-07-16) CVE-2020-20028: - Description: Prevent information disclosure through incorrect access control in the back end. - Version: 4.4.31 (2018-12-13) CVE-2019-11512: - Description: Prevent SQL injections in the file manager search. - Version: 4.4.39 (2019-04-30) CVE-2019-10641: - Description: Invalidate the user sessions if a password changes. - Version: 4.4.37 (2019-04-09) Other Important Security Updates: Version 4.4.56 (2021-08-11): - Prevent privilege escalation - Prevent PHP file inclusion - Prevent XSS via HTML attributes Version 4.4.52 (2020-09-24): - Prevent insert tag injections in forms Version 4.4.18 (2018-04-18): - Fix an XSS vulnerability in the system log Version 4.4.41 (2018-07-16): - Correctly handle subpalettes in "edit multiple" mode Version 4.4.8 (2017-11-15): - Prevent SQL injections in the back end search panel This information provides specific CVE numbers and corresponding version releases for fixes, helping to ensure system security and stability.