Php · Php-X-Links · CVE-2012-5098
**Name of the Vulnerable Software and Affected Versions**
Php-X-Links version 1.0
**Description**
The issue is an SQL injection flaw that allows remote attackers to execute arbitrary SQL commands via the `id` parameter to "rate.php", the `cid` parameter to "view.php", or the `t` parameter to "pop.php".
**Recommendations**
For Php-X-Links version 1.0, consider restricting access to the vulnerable endpoints "rate.php", "view.php", and "pop.php" to minimize the risk of exploitation. Avoid using the `id`, `cid`, and `t` parameters of these endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
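
The log check below is an added example, not part of the original advisory or of Php-X-Links. It flags access-log requests to the three scripts whose `id`, `cid` or `t` value is not a plain integer. The integer-only rule, the `/links/` path and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script -> parameter, as named in the advisory for CVE-2012-5098.
WATCHED = {"rate.php": "id", "view.php": "cid", "pop.php": "t"}

# Assumption (not stated in the advisory): legitimate values are decimal integers.
NUMERIC = re.compile(r"[0-9]{1,10}")

# Request line inside a common/combined log format entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def check_target(target):
    """Return (script, param, value) for a watched script called with a
    non-numeric watched parameter, otherwise None."""
    try:
        parts = urlsplit(target)
    except ValueError:
        return None  # malformed target; not attributable to a watched script
    script = parts.path.rsplit("/", 1)[-1].lower()
    param = WATCHED.get(script)
    if param is None:
        return None
    # parse_qs percent-decodes values and returns every occurrence of the
    # parameter, so repeated parameters are all checked.
    for value in parse_qs(parts.query, keep_blank_values=True).get(param, []):
        if not NUMERIC.fullmatch(value):
            return (script, param, value)
    return None

def scan(lines):
    """Return (line_number, script, param, value) for each flagged log line."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        hit = check_target(match.group(1)) if match else None
        if hit:
            hits.append((number,) + hit)
    return hits

# Constructed sample entries (documentation IP range, hypothetical /links/ path).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /links/rate.php?id=12 HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /links/view.php?cid=7%27 HTTP/1.1" 200 498',
    '192.0.2.11 - - [01/Jan/2024:10:00:09 +0000] "GET /links/pop.php?t=3&t=x+y HTTP/1.1" 200 300',
    '192.0.2.12 - - [01/Jan/2024:10:00:12 +0000] "GET /links/index.php?id=abc HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print("line %d: %s %s=%r" % hit)
```

Parameters sent in POST bodies do not appear in access logs, so this check covers query-string requests only.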