WeBid converter Remote Code Execution Exploit

Input passed via the "from" and "to" POST parameters to converter.php is not properly sanitised before being stored in includes/currencies.php. This can be exploited to inject and execute arbitrary PHP code.
Vulnerabilty ID: 
NOCVE-9999-53406
Product Version: 
12.5
Released Date: 
Wednesday, December 5, 2012 - 00:00