CVE-2006-5762
CVE-2006-5762 describes a PHP remote file inclusion in forgot_pass.php (Free File Hosting 1.1 and earlier; also affects related Free File Hosting/Free Image Hosting components) where an attacker can supply a URL in the AD_BODY_TEMP parameter to execute arbitrary PHP code. The underlying issue is ...