Three critical vulnerabilities in PHP Voyager allow remote code execution, XSS, and file deletion, with no patches since disclosure on September 11, 2