These include authenticated remote code execution via “zip slip” and WebDAV path traversal, session fixation on the remote administration server, information disclosure via path traversal on FTP, and information disclosure in the admin interface.