fuzzylime cms code/track.php Local File Inclusion Vulnerability

Summary
The host is running fuzzylime CMS and is prone to a local file inclusion vulnerability.
Impact
Successful exploitation allows inclusion and execution of arbitrary files from local resources via directory traversal attacks. Impact Level: Application
Solution
Update to fuzzylime cms version 3.03a or later. For updates, refer to http://cms.fuzzylime.co.uk/st/front/index/
Insight
The flaw is caused by improper handling of input passed to the p parameter in the code/track.php file when the url, title and excerpt form parameters are set to non-null values.
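
A defender-side check for the request pattern described above, as an added example that is not part of the original advisory or of fuzzylime's own code: it scans web access log lines for requests to code/track.php whose p parameter carries traversal markers, including double-encoded ones. It assumes combined-format access logs and that p arrives in the query string (the advisory does not say how it is sent); the function names and log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
TARGET_SCRIPT = "code/track.php"  # script named in the advisory

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_p(value):
    """Return a reason if the p value looks like path traversal, else None."""
    v = fully_decode(value).replace("\\", "/")
    if "\x00" in v:
        return "null byte"
    if ".." in v.split("/"):
        return "parent-directory segment"
    if v.startswith("/") or re.match(r"[A-Za-z]:/", v):
        return "absolute path"
    return None

def scan(lines):
    """Yield (line_number, reason, decoded_p) for flagged track.php requests."""
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if not parts.path.lower().endswith(TARGET_SCRIPT):
            continue
        for raw in parse_qs(parts.query, keep_blank_values=True).get("p", []):
            reason = suspicious_p(raw)
            if reason:
                yield n, reason, fully_decode(raw)

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /code/track.php?p=first-post HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "POST /code/track.php?p=../../example HTTP/1.1" 200 87',
    '192.0.2.11 - - [01/Jan/2024:10:00:09 +0000] "POST /code/track.php?p=%252e%252e%252fexample HTTP/1.1" 200 87',
    '192.0.2.12 - - [01/Jan/2024:10:01:00 +0000] "GET /index.php?p=../x HTTP/1.1" 200 900',
]
```

If the url, title and excerpt form parameters are sent in the request body, access logs will not record them, so this check keys on p alone.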
Affected
fuzzylime cms version 3.03 and prior.

Updated on 2017-03-28