Astrex

**Name of the Vulnerable Software and Affected Versions** KDPics versions 1.16 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code. This can be achieved via a URL in the `page` parameter to "index.php3", or the `lib path` parameter to "authenticate.inc.php3" or "lib/exifer/exif.php". **Recommendations** For KDPics versions 1.16 and earlier, consider restricting access to the "index.php3", "authenticate.inc.php3", and "lib/exifer/exif.php" files until a fix is available. Avoid using the `page` and `lib path` parameters in the affected files to minimize the risk of exploitation.