Soothackers

#50987 of 53,622
4.3 Total CVSS
Vulnerabilities · 1
PT-2006-3386
4.3
2006-05-17
Phpremoteview · Phpremoteview · CVE-2006-2425
**Name of the Vulnerable Software and Affected Versions**

PhpRemoteView versions prior to 2003-10-23

**Description**

The issue allows remote attackers to inject arbitrary web script or HTML via the `f`, `d`, and `ref` parameters, and the "MAKE DIR" and "Full file name" fields. This can be exploited by injecting malicious code into these parameters and fields.

**Recommendations**

For versions prior to 2003-10-23, as a temporary workaround, consider restricting access to the `f`, `d`, and `ref` parameters, and the "MAKE DIR" and "Full file name" fields in PRV.php until a patch is available. Avoid using these parameters and fields in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.