LotusCMS router PHP Command Injection Exploit

Input passed via the "page" parameter to index.php is not properly sanitised in the "Router()" function in core/lib/router.php before being used in an "eval()" call. This can be exploited to execute arbitrary PHP code.
Exploit type: 
Platform: 
Vulnerabilty ID: 
NOCVE-9999-51709
Product Version: 
12.0
Released Date: 
Tuesday, April 24, 2012 - 00:00