An issue in GetSimpleCMS v.3.4.0a allows a remote malicious user to execute arbitrary code via a crafted payload to the phpinfo().
get-simple getsimplecms 3.4.0a