Nf2

**Name of the Vulnerable Software and Affected Versions** phpWebNotes version 2.0.0 **Description** The issue arises from the use of the extract function in the php api.php file, which modifies key variables such as `$t path core`. This leads to a PHP file inclusion issue, allowing remote attackers to execute arbitrary PHP code via the `t path core` parameter. **Recommendations** For phpWebNotes version 2.0.0, consider restricting access to the `t path core` parameter to minimize the risk of exploitation. As a temporary workaround, avoid using the `extract` function to modify key variables until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.