Multiple vulnerabilities have been identified in audioCMS arash, which could be exploited by attackers to execute arbitrary commands. These issues are caused by input validation errors in the "arash_lib/include/edit.inc.php", "arash_lib/include/list_features.inc.php", "arash_lib/class/arash_gadmin.class.php" and "arash_lib/class/arash_sadmin.class.php" scripts when processing the "arashlib_dir" parameter, which could be exploited by remote attackers to include malicious scripts and execute arbitrary commands with the privileges of the web server.
Vulnerable Products
Vulnerable Software: audioCMS arash version 0.1.4 and prior
