An issue in GNU Savane v.3.12 and before allows a remote malicious user to escalate privileges via the form_id in the form_header() function.
CVE-2024–27632 Reference
CVE-2024-27632 CVE-2024–27632 Reference