A vulnerability has been identified in FlushCMS, which may be exploited by attackers to execute arbitrary commands. This flaw is due to input validation errors in the "Include/editor/rich_files/class.rich.php" and "Include/editor/class.rich.php" script that fail to validate the "class_path" parameter, which could be exploited by remote attackers to include malicious files and execute arbitrary commands with the privileges of the web server.
Vulnerable Products
Vulnerable Software: FlushCMS version 1.0.0-pre2 and prior
