Summary
w-CMS is prone to a remote code execution vulnerability.
Impact
Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the user running the affected application.
Impact Level: Application
Solution
Ask the vendor for an update.
Insight
Input passed to userFunctions.php is not properly sanitized.
Affected
w-CMS 2.0.1 is vulnerable; other versions may also be affected.
Detection
Send an HTTP POST request that executes the phpinfo() command and check the response to see whether it was successful.
Updated on 2017-03-28