Xiaohuihui

**Name of the Vulnerable Software and Affected Versions** OTCMS version 3.61 **Description** The issue allows remote attackers to execute arbitrary PHP code. This is achieved via the `accBackupDir` parameter. **Recommendations** For OTCMS version 3.61, consider restricting access to the vulnerable parameter `accBackupDir` to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.