Out of all the flaws on AltairCMS that i've been fixing. I recommend you fix the "GET" variable issue.
Because if the "GET" info is not a number then do a check and make it do something else. for example if the "Get" variable is not a number or is INVALID make it by default equal 1. (doing this will fix the problem)
Here is an example. replace your link for your AltairCMS page with this.
Code:
http://(YOUR WEBSITE FOR ALTAIR CMS HERE)/?page=index&id=<script>alert('hacked by namek303')</script>
this security flaw will allow a user to actually make a cookie stealer. and all he needs to do is make a admin visit a page with the cookie stealer hidden on it. and boom he has the admin's cookies. and he replaces the Admin cookies with his and now hes a admin on the site. lots of damage that can be done for people that really customized it.
the damage that he can do includes, making a notice or announcement that causes harm. (embedding the cookie grabber in an announcement, testing for sql injection using the announcement, making a redirect to another site from announcement, defacing the site from announcement, making comments from announcements that are inappropriate to name a few options)
I really like this CMS and been working alot with it. Let me know how that works out or if u cant figure out how to fix it for you. (by fixing this you eliminate the biggest security flaw on the site)