An issue was discovered in BageCMS 3.1.3. The attacker can execute arbitrary PHP code on the web server and can read any file on the web server via an index.php?r=admini/template/updateTpl&filename= URI.Referenceshttps://github.com/rakjong/vuln/blob/master/Bagecms_vuln_1.pdfhttps://kc.mcafee.com/corporate/index?page=content&id=SB10284
