Cwd@Rbe

#40380 of 53,638
6.8 CVSS total
Vulnerabilities · 1
PT-2009-4807
6.8
2009-07-08
Bigace · Bigace Web Cms · CVE-2009-2379
**Name of the Vulnerable Software and Affected Versions**

BIGACE Web CMS version 2.6

**Description**

A directory traversal issue exists, allowing remote attackers to include and execute arbitrary local files. This is achieved by using a .. (dot dot) in the `cmd` parameter.

**Recommendations**

For BIGACE Web CMS version 2.6, consider restricting access to the `cmd` parameter in the public/index.php file to minimize the risk of exploitation. As a temporary workaround, avoid using the `cmd` parameter with untrusted input until a patch is available.