Blue|Spy

**Name of the Vulnerable Software and Affected Versions** MultiBanners versions 1.0.1 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `mosConfig absolute path` parameter in the extadminmenus.class.php file. **Recommendations** For MultiBanners version 1.0.1, avoid using the `mosConfig absolute path` parameter in the affected API endpoint until the issue is resolved. Restrict access to the extadminmenus.class.php file to minimize the risk of exploitation.