CVE-2012-1200

Name of the Vulnerable Software and Affected Versions Nova CMS (affected versions not specified)

Description The issue allows remote attackers to execute arbitrary PHP code. This can be achieved via a URL in several parameters, including the fileType parameter to "optimizer/index.php", the id parameter to "administrator/modules/moduleslist.php", the filename parameter to "includes/function/gets.php", or the conf[blockfile] parameter to "includes/function/usertpl.php".

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.