4N4Nd

**Name of the Vulnerable Software and Affected Versions** Ilch version 2.1.22 **Description** The issue allows remote code execution. This is because `php` is listed under "Allowed files" on the `/admin/media/settings/index` page, which can be exploited. **Recommendations** For Ilch version 2.1.22, remove `php` from the list of "Allowed files" on the `/admin/media/settings/index` page to prevent remote code execution.