Mk

**Name of the Vulnerable Software and Affected Versions** DesktopOnNet 3 Beta **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `app path` parameter to specific API endpoints, including "/don3 requiem.don3app/don3 requiem.php" and "/frontpage.don3app/frontpage.php". **Recommendations** For DesktopOnNet 3 Beta, consider restricting access to the `app path` parameter in the affected API endpoints until a patch is available. As a temporary workaround, disabling the execution of remote PHP code in these endpoints can help minimize the risk of exploitation.