Rack911 has performed an independent audit of apnscp's code base. During this audit, seven vulnerabilities were uncovered by Rack911's audit team. These have been patched in v3.0.50. All users are encouraged to upgrade immediately. An attacker needs an account in the control panel to leverage all attacks disclosed below. Vulnerabilities consist of 2 medium input validation and 5 severe symlink attacks, 4 of which related to a weakness in Optimized Shadow Assertions ("OSA") discussed at the end.
This is a companion discussion topic for the original entry at https://hq.apnscp.com/ap-01-ap-07-security-vulnerability-update/