Co-Sarper-Der

**Name of the Vulnerable Software and Affected Versions** Weatimages versions 1.7.1 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code when the weatimages.ini file is missing. This is achieved via a URL in the `ini[langpack]` parameter. **Recommendations** For Weatimages versions 1.7.1 and earlier, ensure the weatimages.ini file is present to prevent exploitation. As a temporary workaround, consider restricting access to the index.php file until a fix is applied. Avoid using the `ini[langpack]` parameter in the affected API endpoint until the issue is resolved.