
R4M!

#27477 of 53,633
9.3 Total CVSS
Vulnerabilities · 1
PT-2007-4866
9.3
2007-07-06
Vrnews · Vrnews · CVE-2007-3611
**Name of the Vulnerable Software and Affected Versions**

VRNews versions 1.1.1 and possibly other 1.x versions

**Description**

The issue allows remote attackers to perform certain administrative actions without authentication. This can be achieved by sending a direct request with specific values in the `act` parameter, such as `edit`, `add`, `config`, or `del`.

**Recommendations**

For VRNews version 1.1.1, consider restricting access to the `admin.php` file until a proper authentication mechanism is implemented. For other potentially affected 1.x versions, apply the same restriction to the `admin.php` file to prevent unauthorized administrative actions.