Mostafa_Ragab

**Name of the Vulnerable Software and Affected Versions** aWebNews version 1.5 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `path to news` parameter to specific PHP files, including "listing.php" and "visview.php" API endpoints. **Recommendations** For aWebNews version 1.5, consider restricting access to the `listing.php` and `visview.php` files until a patch is available, and avoid using the `path to news` parameter in these API endpoints to minimize the risk of exploitation.