Sh00T0Ut

**Name of the Vulnerable Software and Affected Versions** Nakid CMS version 0.5.2 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `core[system path]` parameter when `magic quotes gpc` is disabled and `register globals` is enabled. **Recommendations** For Nakid CMS version 0.5.2, consider disabling the `register globals` setting and enabling `magic quotes gpc` to mitigate the risk of exploitation. Additionally, restrict access to the `upload photo.php` module in the catalog directory to minimize the risk of arbitrary PHP code execution.