Pomdapimp

**Name of the Vulnerable Software and Affected Versions** LoveCMS version 1.6.2 **Description** The issue allows remote attackers to change the configuration or execute arbitrary PHP code due to the lack of administrative authentication for certain files in the system/admin/ directory. Specifically, this affects the `addblock.php`, `blocks.php`, and `themes.php` files. **Recommendations** For LoveCMS version 1.6.2, consider restricting access to the `addblock.php`, `blocks.php`, and `themes.php` files in the system/admin/ directory until a patch is available. As a temporary workaround, implement proper administrative authentication for these files to prevent unauthorized changes or code execution.