CVE-2012-5293

Name of the Vulnerable Software and Affected Versions SAPID CMS version 1.2.3

Description The issue allows remote attackers to execute arbitrary PHP code. This can be achieved via a URL in the root path parameter to specific API endpoints, such as "usr/extensions/get tree.inc.php" or "usr/extensions/get infochannel.inc.php".

Recommendations For SAPID CMS version 1.2.3, consider restricting access to the GLOBALS[root path] and root path parameters in the affected API endpoints until a patch is available. As a temporary workaround, avoid using these parameters in "usr/extensions/get tree.inc.php" and "usr/extensions/get infochannel.inc.php" to minimize the risk of exploitation.