A vulnerability has been identified in SAPID CMS, which could be exploited by attackers to execute arbitrary commands. This flaw is due to input validation errors in the "usr/extensions/get_infochannel.inc.php" and "usr/extensions/get_tree.inc.php" scripts that fail to validate the "root_path" parameter, which could be exploited by remote attackers to include malicious files and execute arbitrary commands with the privileges of the web server.
Vulnerable Products
Vulnerable Software: SAPID CMS version 1.2.3 and prior
