R4D1X

**Name of the Vulnerable Software and Affected Versions** Boelter Blue System Management version 1.3 **Description** The issue allows a remote attacker to execute arbitrary code and obtain sensitive information. This is achieved via the `id` parameter to "news details.php" and "location details.php", and the `section` parameter to "services.php". **Recommendations** For Boelter Blue System Management version 1.3, avoid using the `id` parameter in the "news details.php" and "location details.php" API endpoints, and the `section` parameter in the "services.php" endpoint until the issue is resolved. Consider restricting access to these endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.