e-Vision CMS 2.02 - SQL Injection Remote Code Execution

e-Vision CMS 2.02 - SQL Injection Remote Code Execution !/usr/bin/php -q -d shortopentag=on ...need i say more? Bug 2 admin/functions.php: if isset$COOKIE'adminlang' $languageselector = $COOKIE'adminlang'; else $languageselector = "en"; include"lang/".$languageselector.".php"; ...speaks for it se...