PHP remote file inclusion vulnerability in dm-albums/template/album.php in DM FileManager 3.9.4, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the SECURITY_FILE parameter.
CPE | Name | Operator | Version |
---|---|---|---|
dm_filemanager | eq | 3.9.4 |