Grav Form Plugin has an Anonymous Page Content Overwrite via Form File Upload filename Override
(Tested on Form 9.0.3, released on April 28th.)

The Form plugin's file upload handler at user/plugins/form/classes/Form.php:583 accepts a POST-supplied filename parameter ($filename = $post['filename'] ?? $upload['file']['name']) that overrides the original uploaded filename. The override passes through Utils::checkFilename(), which blocks only a narrow extension list (.php*, .htm*, .js, .exe). Markdown (.md) is not blocked. A page's directory under user/pages/ contains its .md content file (e.g. default.md, form.md). When a form's file …
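
The extension blocklist described above, set beside an allowlist-based check, as an added example that is not Grav's code. The blocklist regex is a simplified model of the list the advisory quotes, and the function names, the allowed-extension list and the sample names are assumptions made for illustration.

```php
<?php
// Added illustration, not Grav's code: every function name here is hypothetical.

// Simplified model of the blocklist the advisory describes
// (.php*, .htm*, .js, .exe rejected; everything else accepted).
function blocklistAllows(string $name): bool
{
    return preg_match('/\.(php[^.]*|htm[^.]*|js|exe)$/i', $name) !== 1;
}

// Allowlist alternative: bare filename only, known-good extension only.
function allowlistAllows(string $name, array $allowed): bool
{
    if ($name === '' || $name[0] === '.' || $name !== basename($name)) {
        return false;
    }
    // Reject control characters and either kind of path separator.
    if (preg_match('#[\x00-\x1f/\\\\]#', $name) === 1) {
        return false;
    }
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    return in_array($ext, $allowed, true);
}

// Pick the name to store: never take it from a POST field, and never
// replace a file that already exists in the destination directory.
function resolveUploadName(array $upload, string $destDir, array $allowed): ?string
{
    $name = $upload['file']['name'] ?? '';
    if (!allowlistAllows($name, $allowed)) {
        return null;
    }
    return file_exists($destDir . DIRECTORY_SEPARATOR . $name) ? null : $name;
}

// Constructed sample names; default.md and form.md are the page files
// the advisory mentions.
$allowed = ['png', 'jpg', 'jpeg', 'gif', 'pdf'];
foreach (['photo.png', 'default.md', 'form.md', 'index.php'] as $name) {
    printf("%-12s blocklist=%-6s allowlist=%s\n", $name,
        blocklistAllows($name) ? 'accept' : 'reject',
        allowlistAllows($name, $allowed) ? 'accept' : 'reject');
}
```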