Multiple vulnerabilities have been identified in Persism CMS, which could be exploited by attackers to execute arbitrary commands. These issues are caused by input validation errors in the "modules/blocks/headerfile.php", "modules/files/blocks/latest_files.php", "modules/filters/headerfile.php", "modules/forums/blocks/latest_posts.php", "modules/groups/headerfile.php", "modules/links/blocks/links.php", "modules/menu/headerfile.php", "modules/news/blocks/latest_news.php", "modules/settings/headerfile.php" and "modules/users/headerfile.php" scripts when processing the "system[path]" parameter, which could be exploited by remote attackers to include malicious scripts and execute arbitrary commands with the privileges of the web server.
Vulnerable Products
Vulnerable Software: Persism CMS version 0.9.3 and prior
