CVE-2009-2399

2009-07-09T16:30:00
ID CVE-2009-2399
Type cve
Reporter cve@mitre.org
Modified 2017-09-19T01:29:00

Description

PHP remote file inclusion vulnerability in dm-albums/template/album.php in DM FileManager 3.9.4, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the SECURITY_FILE parameter.