N0N0X

**Name of the Vulnerable Software and Affected Versions** Ax Developer CMS (AxDCMS) version 0.1.1 **Description** The issue allows remote attackers to execute arbitrary code via a .. (dot dot) in the `aXconf[default language]` parameter in the modules/profile/user.php file. **Recommendations** For Ax Developer CMS (AxDCMS) version 0.1.1, avoid using the `aXconf[default language]` parameter in the affected modules/profile/user.php file until the issue is resolved.