Free Simple Cms · Free Simple Cms · CVE-2010-3742
**Name of the Vulnerable Software and Affected Versions**
Free Simple CMS version 1.0
**Description**
The issue allows remote attackers to execute arbitrary PHP code via a URL in the `meta` or `phpincdir` parameter in the themes/default/index.php file.
**Recommendations**
For Free Simple CMS version 1.0, consider restricting access to the `meta` and `phpincdir` parameters in the themes/default/index.php file until a patch is available. As a temporary workaround, avoid using the `meta` and `phpincdir` parameters in the affected API endpoint.