Gamr-14

**Name of the Vulnerable Software and Affected Versions** Nucleus version 3.23 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL using the `DIR LIBS` parameter in various files, including path/action.php, media.php, /xmlrpc/server.php, and /xmlrpc/api metaweblog.inc.php. **Recommendations** For Nucleus version 3.23, consider restricting access to the `DIR LIBS` parameter to minimize the risk of exploitation. As a temporary workaround, avoid using the `DIR LIBS` parameter in the affected API endpoints until the issue is resolved.