AyaCms is an extremely simple and free open source Php website builder. A remote code execution vulnerability exists in AyaCMS version 3.1.2, which stems from a failure to properly filter special elements in the /aya/module/admin/ust_tab_e.inc.php page. An attacker could exploit this vulnerability to cause remote code execution.