Basti

**Name of the Vulnerable Software and Affected Versions** Ad Manager Pro version 2.6 **Description** The issue allows remote attackers to execute arbitrary PHP code. This can be achieved via a URL in the `ipath` parameter in `common.php` and unspecified vectors in `ad.php`. **Recommendations** For Ad Manager Pro version 2.6, consider restricting access to the `common.php` and `ad.php` files until a patch is available. As a temporary workaround, avoid using the `ipath` parameter in the `common.php` file to minimize the risk of exploitation.