PHP remote file include vulnerability in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, when register_globals is enabled, allows remote malicious users to include arbitrary local and remote PHP files via a URL in the (1) lang_settings and (2) language parameters in (a) accounts/inc/include.php and (b) admin/inc/include.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
merak mail server 8.3.0r |
||
deerfield visnetic mail server 8.3.0_build1 |
||
icewarp web mail 5.5.1 |