Squery · Osquery · CVE-2006-1688
Name of the Vulnerable Software and Affected Versions:
SQuery versions 4.5 and earlier
Description:
Remote attackers can execute arbitrary PHP code by supplying a URL in the `libpath` parameter to scripts in the lib directory, including multiple PHP files such as `ase.php`, `devi.php`, `doom3.php`, and others. This issue only occurs when `register_globals` is disabled.
Recommendations:
For SQuery versions 4.5 and earlier, consider disabling the `libpath` parameter or restricting access to the lib directory to minimize the risk of exploitation. Additionally, ensure that `register_globals` is enabled to prevent this issue, but be aware of the potential security implications of this setting.
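
To check whether requests of the kind described above have reached a server, the web access log can be searched for calls to PHP scripts in a lib directory whose `libpath` value is a URL. The following is an added example, not part of the advisory or of SQuery; it assumes a combined-format access log, and the `/squery/` path prefix, addresses and log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request field of a combined-format access log line (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A value that names a remote resource: scheme:, protocol-relative //, or UNC \\.
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.\-]+:|//|\\\\)', re.IGNORECASE)

def suspicious_libpath(line):
    """Return (script, libpath) when the line is a request to a PHP script in a
    lib/ directory whose libpath parameter looks like a URL, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    target = urlsplit(m.group(1))
    parts = target.path.lower().split("/")
    if len(parts) < 2 or parts[-2] != "lib" or not parts[-1].endswith(".php"):
        return None
    # parse_qs percent-decodes values, so encoded schemes are caught as well.
    # Parameters sent in a POST body never appear in the access log.
    for value in parse_qs(target.query, keep_blank_values=True).get("libpath", []):
        if REMOTE_RE.match(value):
            return (parts[-1], value)
    return None

def scan(lines):
    """Return all hits in log order."""
    return [hit for hit in map(suspicious_libpath, lines) if hit]

# Constructed sample lines (documentation addresses, reserved .invalid host).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Apr/2006:12:00:01 +0000] '
    '"GET /squery/lib/ase.php?libpath=http://example.invalid/x HTTP/1.1" 200 512',
    '192.0.2.11 - - [10/Apr/2006:12:00:02 +0000] '
    '"GET /squery/lib/doom3.php?libpath=ftp%3A%2F%2Fexample.invalid%2Fx HTTP/1.1" 200 512',
    '192.0.2.12 - - [10/Apr/2006:12:00:03 +0000] '
    '"GET /squery/lib/devi.php?libpath=./ HTTP/1.1" 200 512',
    '192.0.2.13 - - [10/Apr/2006:12:00:04 +0000] '
    '"GET /index.php?libpath=http://example.invalid/x HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for script, value in scan(SAMPLE_LOG):
        print(f"{script}: libpath={value}")
```

A hit shows only that such a request was received; whether the include succeeded depends on the server's PHP configuration.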