PHP remote file inclusion vulnerability in templates/header.php in ME Download System 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the Vb8878b936c2bd8ae0cab parameter. Successful exploitation requires that "register_globals" is enabled.
Publication date: Thu, 10 Aug 2006 05:04:00 +0000