[原文]Etomite Content Management System 0.6, and possibly earlier versions, when downloaded from the web site in January 2006 after January 10, contains a back door in manager/includes/todo.inc.php, which allows remote attackers to execute arbitrary commands via the "cij" parameter.
Etomite Content Management System contains a default backdoor in the 'todo.inc.php' script. A remote attacker could exploit this vulnerability by sending a specially-crafted URL to the todo.inc.php script that uses the 'cij' parameter to pass malicious code to the popen() function, allowing the attacker to execute commands on the system. While the command output is mailed to a hardcoded email address, the commands are still executed.
Upgrade to version 0.6.1 (beta) or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.