The theme.php file in SDCMS 2.8 has a command execution vulnerability that allows for the execution of system commands