Ag Spider

**Name of the Vulnerable Software and Affected Versions** MiniBB Forum version 1.5a **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `absolute path` parameter to API endpoints such as "news.php", "search.php", or "whosOnline.php". **Recommendations** For MiniBB Forum version 1.5a, consider restricting access to the `absolute path` parameter in the affected API endpoints until a patch is available. As a temporary workaround, avoid using the `absolute path` parameter in the "news.php", "search.php", or "whosOnline.php" endpoints to minimize the risk of exploitation.