
Alsa7R

#37298 of 53,624
7.5 Total CVSS
Vulnerabilities · 1
PT-2011-1849
7.5
2011-10-08
Php · Phpmailer · CVE-2010-4914
**Name of the Vulnerable Software and Affected Versions**
PHP Classifieds version 7.3

**Description**
The issue allows remote attackers to execute arbitrary PHP code via a URL in the `lang_path` parameter in the tools/phpmailer/class.phpmailer.php file.

**Recommendations**
For PHP Classifieds version 7.3, update the tools/phpmailer/class.phpmailer.php file to prevent remote file inclusion attacks by validating and sanitizing the `lang_path` parameter. As a temporary workaround, consider restricting access to the class.phpmailer.php file until a patch is available.