imcat 4.4 allows remote malicious users to execute arbitrary PHP code by using root/run/adm.php to modify the boot/bootskip.php file.
txjia imcat 4.4