Sz

**Name of the Vulnerable Software and Affected Versions** SuperMod version 3.0.0 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `sourcedir` parameter to various PHP files, including "Offline.php", "Sources/Admin.php", "Sources/Offline.php", and "content/portalshow.php". **Recommendations** For SuperMod version 3.0.0, consider restricting access to the `sourcedir` parameter in the affected PHP files until a patch is available. As a temporary workaround, disabling the execution of remote PHP code in these files can help minimize the risk of exploitation.