Zendto · Zendto · CVE-2025-5952
**Name of the Vulnerable Software and Affected Versions**
Zend.To versions 6.10-6 Beta and earlier
**Description**
A critical vulnerability has been found in Zend.To, affecting the function `exec` of the file NSSDropoff.php. Manipulation of the argument `file 1` leads to OS command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This issue affects a rather old version of the software. The vendor recommends updating to the latest release.
**Recommendations**
To address this issue, upgrade to version 6.10-7 or later. As a temporary workaround, consider disabling the `exec` function in the NSSDropoff.php file until a patch is available. Restrict access to the vulnerable file to minimize the risk of exploitation. Avoid using the `file 1` argument in the affected function until the issue is resolved.
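
The bug class described above (a request-supplied file argument reaching PHP's `exec`) next to its usual fix, as an added PHP 8 example that is not Zend.To's code. The scanner path, function names and sample values are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);
// Added illustration with hypothetical names; not Zend.To source code.
const SCANNER = '/usr/local/bin/scan-upload';   // hypothetical scanner binary

// Vulnerable pattern: the request value is pasted into a shell command line,
// so /bin/sh interprets any metacharacters it contains.
function unsafe_command(string $file): string
{
    return SCANNER . ' ' . $file;               // this string would go to exec()
}

// Hardened pattern: resolve the path, require a regular file inside the upload
// directory, and build an argv array instead of a command string.
function safe_argv(string $file, string $uploadDir): array
{
    $real = realpath($file);
    $base = realpath($uploadDir);
    if ($real === false || $base === false || !is_file($real)
        || !str_starts_with($real, $base . DIRECTORY_SEPARATOR)) {
        throw new InvalidArgumentException('not a file inside the upload directory');
    }
    // realpath() returns an absolute path, so it cannot be read as an option.
    return [SCANNER, $real];
}

// PHP >= 7.4: an array command is executed directly, with no shell in between.
function run_scan(array $argv): int
{
    $proc = proc_open($argv, [1 => ['pipe', 'w']], $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start scanner');
    }
    stream_get_contents($pipes[1]);             // drain scanner output
    fclose($pipes[1]);
    return proc_close($proc);                   // scanner exit status
}

// Constructed demo input; run_scan() is not called because SCANNER is hypothetical.
$dir = sys_get_temp_dir() . '/dropoff_demo_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
$good = $dir . '/upload1.tmp';
file_put_contents($good, 'sample');
$hostile = $good . '; id';                      // constructed value with a metacharacter
echo unsafe_command($hostile), "\n";            // a shell would parse two commands here
echo json_encode(safe_argv($good, $dir)), "\n"; // one argv entry, no shell parsing
try { safe_argv($hostile, $dir); } catch (InvalidArgumentException $e) { echo 'rejected: ', $e->getMessage(), "\n"; }
unlink($good); rmdir($dir);
```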