An issue in SEMCMS v.4.8 allows a remote malicious user to execute arbitrary code via a crafted script.