2005-02-12 05:00:00
mitre
PUBLISHED
FormMail.php 5.0, and possibly other versions, allows remote attackers to read arbitrary files via a full pathname in the ar_file (auto-reply) parameter.