Rad · Radupload · CVE-2006-6549
**Name of the Vulnerable Software and Affected Versions**
Rad Upload version 3.02
**Description**
A remote file inclusion issue exists in `upload.php` due to its handling of the `save_path` parameter. This could potentially allow remote attackers to execute arbitrary PHP code by providing a URL in the `save_path` parameter. However, it is noted that `save_path` is initially defined as an empty string before use.
**Recommendations**
For Rad Upload version 3.02, ensure that the `save_path` parameter is properly validated and sanitized to prevent remote file inclusion attacks. Consider temporarily restricting access to the `upload.php` file until a proper fix can be applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
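
One way to validate a save path as recommended above, shown as an added example that is not Rad Upload's own code. The function name `resolve_save_path`, the base directory and the sample inputs are assumptions, and the sketch assumes the parameter is only meant to select a subdirectory beneath a fixed upload root.

```php
<?php
// Added example: hypothetical helper, not taken from Rad Upload's upload.php.
declare(strict_types=1);

/**
 * Map a requested subdirectory onto a directory under a fixed base.
 * Returns the canonical absolute path, or null when the value is rejected.
 * The result is for use as an upload destination only (e.g. with
 * move_uploaded_file()); it must never be passed to include/require.
 */
function resolve_save_path(string $requested, string $base): ?string
{
    // Allow-list: path segments of letters, digits, '_' and '-' joined by '/'.
    // This rejects URL schemes and stream wrappers (any ':'), '..' segments,
    // backslashes, NUL bytes, absolute paths and empty values in one check.
    if (!preg_match('#^[A-Za-z0-9_-]+(?:/[A-Za-z0-9_-]+)*\z#', $requested)) {
        return null;
    }

    // Canonicalise both sides so symlinks cannot lead outside the base.
    $baseReal = realpath($base);
    $target   = realpath($base . '/' . $requested);
    if ($baseReal === false || $target === false || !is_dir($target)) {
        return null;
    }

    // Containment check: the target must sit strictly below the base.
    $prefix = $baseReal . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

// Constructed demo: a temporary base directory with one allowed subdirectory.
$base = sys_get_temp_dir() . '/save_path_demo_' . bin2hex(random_bytes(4));
mkdir($base . '/images', 0700, true);

// Constructed sample inputs, including a URL-style value of the kind described above.
$samples = ['images', 'http://example.invalid/file.txt', '../outside', 'missing', ''];
foreach ($samples as $input) {
    $result = resolve_save_path($input, $base);
    printf("%-34s => %s\n", var_export($input, true), $result ?? 'REJECTED');
}

rmdir($base . '/images');
rmdir($base);

// Defence in depth (php.ini): keep allow_url_include = Off so that include and
// require cannot load remote URLs even if a path check is bypassed.
```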