Gridbox com_gridbox from balbooa.com, 2.4.0 and previous versions, multiple vulnerabilities including XSS, SQLi, arbitratry file download, insecure file upload, directory traversal
Resolution: update to version 2.4.1.1 (note that previous security release 2.4.1 fixed most of the issues but not all of them)
Update notice: https://support.balbooa.com/forum/gridbox/4366-gridbox-2-4-1-1-security-and-bug-fix-update
.