Nexusphp · Nexusphp · CVE-2017-14347
**Name of the Vulnerable Software and Affected Versions**
NexusPHP version 1.5.beta5.20120707
**Description**
An attacker can execute malicious scripts because the `returnto` parameter to "fun.php" is not properly validated in a delete action.
**Recommendations**
For NexusPHP version 1.5.beta5.20120707, avoid using the `returnto` parameter in the "fun.php" delete action until a fix is available. As a temporary workaround, consider restricting access to the "fun.php" endpoint to minimize the risk of exploitation.
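
One way to validate a `returnto`-style parameter before it is used, shown as an added example that is not NexusPHP's code or its fix. The function names `safe_returnto` and `html_out`, the fallback `index.php` and the sample inputs are assumptions.

```php
<?php
// Added example, not NexusPHP code: safe_returnto() and 'index.php' are hypothetical.

/** Return $raw only if it is a same-site, path-only target; otherwise the fallback. */
function safe_returnto($raw, string $fallback = 'index.php'): string
{
    if (!is_string($raw) || $raw === '' || strlen($raw) > 512) {
        return $fallback;
    }
    // Scheme-prefixed (javascript:, data:, https:) or protocol-relative (//host) values.
    if (preg_match('#^\s*(?:[a-z][a-z0-9+.\-]*:|//)#i', $raw)) {
        return $fallback;
    }
    $parts = parse_url($raw);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return $fallback;
    }
    // Allow-list: a local .php script plus an optional plain query string.
    // Quotes, angle brackets, backslashes and control characters never match.
    if (!preg_match('#^/?[A-Za-z0-9_\-./]+\.php(?:\?[A-Za-z0-9_\-=&.]*)?$#D', $raw)) {
        return $fallback;
    }
    return $raw;
}

/** Encode for an HTML attribute or text context; validation does not replace this. */
function html_out(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

if (PHP_SAPI === 'cli') {
    // Constructed sample inputs, not taken from the advisory.
    $samples = [
        'fun.php?action=view',
        '/forums.php',
        '//example.org/x.php',
        'https://example.org/x.php',
        'javascript:void(0)',
        'fun.php"><b>',
        ['array', 'input'],
    ];
    foreach ($samples as $s) {
        $target = safe_returnto($s);
        printf("%-28s => %s\n", json_encode($s), html_out($target));
    }
}
```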