eliteCMS multiple Vulnerabilities

Summary
eliteCMS is prone to a vulnerability that lets attackers upload and execute arbitrary PHP code. The application is also prone to a cross-site scripting issue and to a SQL Injection Vulnerability. These issues occur because the application fails to sufficiently sanitize user-supplied input. Attackers can exploit these issues to steal cookie information, execute arbitrary client-side scripts in the context of the browser, upload and execute arbitrary files in the context of the webserver, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database and launch other attacks. These issues affect eliteCMS 1.01 other versions may also be affected.
References