PHP remote file inclusion vulnerability in accept.php in comus 2.0 Final allows remote malicious users to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter.
source: wwwsecurityfocuscom/bid/23661/info
Comus is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input
Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible
This issue affects Comus 20; other versions ...