Atheros · Atheos · CVE-2025-47788
Name of the Vulnerable Software and Affected Versions:
Atheos versions prior to v602
Description:
Atheos is a self-hosted browser-based cloud IDE. The `$target` parameter in "/controller.php" was not properly validated, which could allow an attacker to execute arbitrary files on the server via path traversal.
Recommendations:
Update any installation running a version prior to v602 to v602, which resolves the issue. As a temporary workaround, consider restricting access to the "/controller.php" endpoint to minimize the risk of exploitation. Avoid using the `$target` parameter in the affected endpoint until the update has been applied.
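For installations that dispatch on a request value in the same way, the following added example (not Atheos code and not the v602 patch) shows one way to validate such a value before it reaches a file include. The directory layout, the component names and the `resolveTarget` helper are assumptions made for illustration.

```php
<?php
// Added example, not Atheos code. Assumed layout: each component lives in
// <base>/<name>/controller.php; the component names below are hypothetical.
const ALLOWED_COMPONENTS = ['editor', 'filemanager', 'user'];

/**
 * Map an untrusted "target" value to a controller file inside $baseDir.
 * Returns the canonical path, or null when the value must be rejected.
 */
function resolveTarget(string $baseDir, string $target): ?string
{
    // 1. Syntax: one path segment of safe characters (no "/", "..", NUL).
    if (preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $target) !== 1) {
        return null;
    }
    // 2. Allow-list: only known component names may be dispatched.
    if (!in_array($target, ALLOWED_COMPONENTS, true)) {
        return null;
    }
    // 3. Containment: canonicalise (this also resolves symlinks) and confirm
    //    the resulting file is still located under the base directory.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $target
        . DIRECTORY_SEPARATOR . 'controller.php');
    if ($base === false || $path === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demonstration: a throwaway tree containing one real component.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'components_demo_' . getmypid();
mkdir($base . DIRECTORY_SEPARATOR . 'editor', 0700, true);
file_put_contents($base . '/editor/controller.php', "<?php\n");

// Constructed inputs: valid, allowed-but-missing, traversal, nested, NUL byte.
foreach (['editor', 'user', '../editor', 'editor/../editor', "editor\0x"] as $t) {
    $r = resolveTarget($base, $t);
    printf("%-22s => %s\n", json_encode($t), $r === null ? 'rejected' : 'accepted');
}

unlink($base . '/editor/controller.php');
rmdir($base . DIRECTORY_SEPARATOR . 'editor');
rmdir($base);
```

Only the path returned by the helper should ever be passed to `require`; a `null` result should end the request with an error rather than fall back to a default file.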