PHP remote file inclusion vulnerability in genepi.php in Genepi 1.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the topdir parameter. Successful exploitation requires that "register_globals" is enabled.
Publication date: Mon, 18 Dec 2006 17:28:00 +0000