A critical remote code execution vulnerability affects older PHP versions prior to 8.3.8, 8.2.20, and 8.1.29 configured in CGI mode has been reported. Although FileCloud does not use PHP-CGI, the module is included in the installation package, which exposes FileCloud to the vulnerability.
Windows FileCloud installations of 22.1 through 23.232.1.
For the full article and how to patch this, please see the advisory on the link below.
Advisory 2024-06/01 PHP CGI Argument Injection Vulnerability - FileCloud Docs - Server