An issue exists in LAOBANCMS 2.0. It allows remote malicious users to execute arbitrary PHP code via the host parameter to the install/ URI.
laobancms laobancms 2.0