Hmmm, I tried it and unfortunately it worked,
and it's a great security hole.
With the backdoor it's possible to execute command line commands.
A first fix would be:
in index.php find:
$template = (isset($HTTP_GET_VARS['template'])) ? stripslashes(trim($HTTP_GET_VARS['template'])) : stripslashes(trim($HTTP_POST_VARS['template']));
and replace with:
$template = (isset($HTTP_GET_VARS['template'])) ? stripslashes(trim($HTTP_GET_VARS['template'])) : stripslashes(trim($HTTP_POST_VARS['template']));
// Security Fix
$patterns = array("/(\/)/","/(%2F)/");
$template = preg_replace ($patterns,"",$template);
// Security Fix
One user already said that he was hacked,
maybe through this exploit.
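
A stricter variant of the check above, as an added example that is not part of the original post: instead of stripping "/" and "%2F" from the value, it accepts only names made of letters, digits, "_" and "-" and then confirms that the resolved file sits directly inside the template directory. TEMPLATE_DIR, the ".html" suffix and resolve_template() are assumptions made for illustration, not names from the application.

```php
<?php
// Added example: allowlist validation for a template name taken from a request.
// TEMPLATE_DIR and the ".html" suffix are assumptions, not taken from the post.
define('TEMPLATE_DIR', __DIR__ . '/templates');

/**
 * Return the absolute path of a template file, or null if the name is rejected.
 */
function resolve_template($name, $baseDir = TEMPLATE_DIR)
{
    // Arrays (template[]=x) and other non-string input are rejected outright.
    if (!is_string($name)) {
        return null;
    }
    // Accept only a plain file-name token: letters, digits, "_" and "-".
    // This rejects "/", "\", ".", "%", NUL bytes and empty input in one step,
    // rather than trying to list every dangerous character.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name)) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null; // template directory missing: fail closed
    }
    // realpath() resolves symlinks and returns false for nonexistent files.
    $path = realpath($base . DIRECTORY_SEPARATOR . $name . '.html');
    // The resolved file must exist and sit directly inside the base directory.
    if ($path === false || !is_file($path) || dirname($path) !== $base) {
        return null;
    }
    return $path;
}

// Constructed sample inputs (not taken from any real request log).
$samples = array('default', 'blue_theme', '../config', '..\\config', 'a%2Fb', "x\0y", '');
foreach ($samples as $s) {
    $r = resolve_template($s);
    printf("%-14s => %s\n", json_encode($s), $r === null ? 'rejected' : $r);
}
```

A name is returned only if a matching file exists under the assumed template directory; everything else, including the two well-formed names when no such file exists, prints as rejected.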