L0X3

**Name of the Vulnerable Software and Affected Versions** OpenBB versions 1.0.8 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `root path` parameter to API endpoints such as "index.php" and possibly "collector.php". **Recommendations** For OpenBB versions 1.0.8 and earlier, as a temporary workaround, consider restricting access to the `root path` parameter in the affected API endpoints until a patch is available. Avoid using the `root path` parameter in the "index.php" and "collector.php" endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.