A vulnerability has been identified in phpCMS, which could be exploited by attackers to gain unauthorized access to arbitrary files on a vulnerable system. This issue is due to an input validation error in the "CheckFile()" [class.cache_phpcms.php] function that does not properly validate the "file" parameter before being passed as an argument to an "fread()" call, which could be exploited by attackers to display the contents of arbitrary files by supplying a specially crafted parameter to the "parser/parser.php" script.
Vulnerable Products
Vulnerable Software: phpCMS version 1.2.2 and prior
