Cr0W

**Name of the Vulnerable Software and Affected Versions** CMS S.Builder versions 3.7 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in a `binn include path` cookie when `register globals` is enabled. This can also be leveraged to include and execute arbitrary local files. **Recommendations** For CMS S.Builder versions 3.7 and earlier, disable the `register globals` setting to prevent exploitation. As a temporary workaround, consider restricting access to the `index.php` file until a patch is available. Avoid using the `binn include path` cookie in the affected `index.php` file until the issue is resolved.