PHP remote file inclusion vulnerability in editInplace.php in Wonder CMS 2014 allows remote attackers to execute arbitrary PHP code via a URL in the hook parameter.Referenceshttp://rossmarks.uk/portfolio.phphttp://rossmarks.uk/whitepapers/wonder_cms_2014.txt
