PHP remote file inclusion vulnerability in template/simpledefault/admin/_masterlayout.php in Mundi Mail 0.8.2, when register_globals is enabled, allows remote malicious users to execute arbitrary PHP code via a URL in the top parameter. NOTE: when allow_url_fopen is disabled, directory traversal attacks are possible to include and execute arbitrary local files.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mundi king mundi mail 0.8.2 |