Subrion CMS is vulnerable to remote code execution (RCE). A malicious user can and execute arbitrary code by passing a string of a serialized object to the server through $_COOKIE['salt']
when submitting a login request. This causes the server to execute the unserialize()
function that will result in arbitrary code being executed on the server.