Fuzzylime (cms) Remote Code Execution Vulnerability

Summary
This host is installed with Fuzzylime (cms), which is prone to a remote code execution vulnerability.
Impact
Successful exploitation allows an attacker to include and execute arbitrary files from local and external resources, and to gain sensitive information about remote system directories, when magic_quotes_gpc is disabled. Impact level: Application/System
Solution
Upgrade to fuzzylime 3.03b or later. For updates, refer to http://cms.fuzzylime.co.uk/st/content/download
Insight
The flaws are due to:
- Data passed to the 'list' parameter in code/confirm.php and to the 'template' parameter in code/display.php is not properly verified before being used to include files.
- Input passed to the 's' parameter in code/display.php is not properly verified before being used to write to a file.
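A defender-side check for the flaws described above, as an added example that is not part of the original advisory: it scans web-server access-log lines for requests to the two named scripts whose 'list', 'template' or 's' values are not plain names. The log format, the sample lines and the rule for what counts as a plain name are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script path -> query parameters the advisory names for that script.
WATCHED = {"code/confirm.php": {"list"}, "code/display.php": {"template", "s"}}
# Assumption (not from the advisory): legitimate values are short plain names.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_-]{1,64}")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(value):
    """Return a reason string for a suspicious value, or None if it looks plain."""
    if SAFE_VALUE.fullmatch(value):
        return None
    if "\x00" in value:
        return "null byte"
    if re.match(r"[A-Za-z][A-Za-z0-9+.-]*://", value):
        return "remote URL"
    if ".." in value or "/" in value or "\\" in value:
        return "path characters"
    return "unexpected characters"

def scan(lines):
    """Yield (line_no, script, param, reason) for each suspicious request."""
    for no, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        for script, params in WATCHED.items():
            if not url.path.endswith("/" + script):
                continue
            # parse_qsl percent-decodes values, so %2f and %00 forms are caught too.
            for name, value in parse_qsl(url.query):
                reason = classify(value) if name in params else None
                if reason:
                    yield (no, script, name, reason)

# Constructed sample access-log lines (not taken from a real incident).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2009:10:00:00 +0000] "GET /cms/code/display.php?template=default HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2009:10:00:01 +0000] "GET /cms/code/display.php?template=..%2f..%2fconf%00 HTTP/1.1" 200 90',
    '203.0.113.9 - - [01/Jan/2009:10:00:02 +0000] "GET /cms/code/confirm.php?list=http://host.example/x HTTP/1.1" 200 90',
    '203.0.113.9 - - [01/Jan/2009:10:00:03 +0000] "GET /cms/code/display.php?s=news%3Bx HTTP/1.1" 200 90',
    '203.0.113.7 - - [01/Jan/2009:10:00:04 +0000] "GET /cms/index.php?template=../x HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Access logs in this format record only the query string, so values sent in a POST body are not visible to this check.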
Affected
Fuzzylime (cms) version 3.03a and prior.