Input passed via the "from" and "to" POST parameters to converter.php is not properly sanitised before being stored in includes/currencies.php. This can be exploited to inject and execute arbitrary PHP code.
CVE Link
Exploit Type - Old
Exploits/Remote Code Execution
Exploit Type
Product Name