includer.cgi in The Includer allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the URL or (2) the template parameter.Referenceshttp://marc.info/?l=bugtraq&m=111030957413411&w=2http://marc.info/?l=bugtraq&m=111021730710779&w=2http://www.securityfocus.com/bid/12738
