PHP file inclusion vulnerability in php121db.php in PHP121 Instant Messenger 2.2 allows remote attackers to execute arbitrary PHP code via a UNC share pathname or a local file pathname in the php121dir parameter, which is accessed by the file_exists function.
CPE | Name | Operator | Version |
---|---|---|---|
php121_instant_messenger | eq | 2.2 |