
Arash Rj

Researcher at PersianFox Digital Security Team
#36779 of 53,633
7.5 total CVSS
Vulnerabilities · 1
PT-2006-5025
7.5
2006-08-17
Bob Jewell · Bob Jewell Discloser · CVE-2006-4207
**Name of the Vulnerable Software and Affected Versions**

Bob Jewell Discloser versions 0.0.4 and earlier

**Description**

The issue allows remote attackers to execute arbitrary PHP code. This can be achieved by providing a URL in the `fileloc` parameter to specific API endpoints, such as `content/content.php` or `/inc/indexhead.php`.

**Recommendations**

For Bob Jewell Discloser versions 0.0.4 and earlier, consider restricting access to the `content/content.php` and `/inc/indexhead.php` endpoints to minimize the risk of exploitation. Avoid using the `fileloc` parameter in these endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.