Civi

**Name of the Vulnerable Software and Affected Versions** PHP Image version 1.2 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `xarg` parameter to specific PHP files, including "xarg corner.php", "xarg corner bottom.php", and "xarg corner top.php". **Recommendations** For PHP Image version 1.2, consider restricting access to the `xarg` parameter in the affected PHP files until a patch is available. As a temporary workaround, avoid using the `xarg` parameter in the API endpoints "/xarg corner.php", "/xarg corner bottom.php", and "/xarg corner top.php" to minimize the risk of exploitation.