Multiple vulnerabilities have been identified in phpwcms-xt, which could be exploited by attackers to execute arbitrary commands. These issues are caused by input validation errors in the "phpwcms_template/inc_script/frontend_render/navigation/config_HTML_MENU.php" and "phpwcms_template/inc_script/frontend_render/navigation/config_PHPLM.php" scripts when processing the "HTML_MENU_DirPath" parameter, which could be exploited by remote attackers to include malicious scripts and execute arbitrary commands with the privileges of the web server.
Vulnerable Products
Vulnerable Software: phpwcms-xt version 0.0.7 Beta and prior
