Multiple vulnerabilities have been identified in FirmWorx that attackers could exploit to execute arbitrary commands. The issues are caused by input validation errors in the "includes/config/master.inc.php", "includes/functions/master.inc.php" and "modules/bank/includes/design/main.inc.php" scripts when processing the "fm_data[root]" and "bank_data[root]" parameters. Remote attackers could exploit these errors to include malicious scripts and execute arbitrary commands with the privileges of the web server.
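A log check for the issue described above, added here as an example (not code from the advisory or from FirmWorx): it flags requests to the three named scripts that supply either parameter in the query string. The combined access-log format, the `/firmworx/` install path and the premise that legitimate clients never send these parameters are assumptions; the sample lines are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote

# Script paths and parameter names are taken from the advisory text.
SCRIPTS = (
    "includes/config/master.inc.php",
    "includes/functions/master.inc.php",
    "modules/bank/includes/design/main.inc.php",
)
PARAMS = {"fm_data[root]", "bank_data[root]"}

# Request field of a combined-format access log line (assumed log format).
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[0-9.]+"')


def flagged_params(log_line):
    """Return the advisory parameters that a request to one of the advisory
    scripts carries in its query string (sorted), or [] if there are none."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    path, _, query = m.group("target").partition("?")
    if not unquote(path).lower().endswith(SCRIPTS):
        return []
    # parse_qsl percent-decodes names, so fm_data%5Broot%5D is matched too.
    names = {name for name, _ in parse_qsl(query, keep_blank_values=True)}
    return sorted(names & PARAMS)


def scan(lines):
    """Return (line_index, params) for every line that should be reviewed.
    Only the query string is covered; access logs do not record POST bodies."""
    hits = [(i, flagged_params(line)) for i, line in enumerate(lines)]
    return [(i, params) for i, params in hits if params]


# Constructed sample log lines (documentation addresses, placeholder values).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2000:00:00:00 +0000] "GET /firmworx/index.php HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2000:00:00:01 +0000] "GET /firmworx/includes/config/master.inc.php?fm_data%5Broot%5D=PLACEHOLDER HTTP/1.1" 200 0',
    '192.0.2.12 - - [01/Jan/2000:00:00:02 +0000] "GET /firmworx/modules/bank/includes/design/main.inc.php?bank_data[root]=PLACEHOLDER HTTP/1.1" 200 0',
    '192.0.2.13 - - [01/Jan/2000:00:00:03 +0000] "GET /firmworx/includes/functions/master.inc.php HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for index, params in scan(SAMPLE_LOG):
        print(f"line {index}: request supplies {', '.join(params)}")
```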
Vulnerable Products
Vulnerable Software: FirmWorx version 0.1.2 and prior