Security osCmax 2.5.4 Code Execution / CSRF / Local File Inclusion February 18, 2016 007admin Leave a comment osCmax version 2.5.4 suffers from code execution, cross site request forgery, and local file inclusion vulnerabilities.