mkCMS - 'index.php' Arbitrary PHP Code Execution

Author: CWH Underground
type: webapps
platform: php
port: 
date_added: 2013-06-11  
date_updated: 2015-10-30  
verified: 1  
codes:   
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 38571.txt  

source: https://www.securityfocus.com/bid/60488/info

mkCMS is prone to an arbitrary PHP code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary PHP code within the context of the affected application.

mkCMS 3.6 is vulnerable; other versions may also be affected.

http://www.example.com/mkCMS/index.php?cmd=dir