2005-02-12 10:00:00
mitre
PUBLISHED
FormMail.php 5.0, and possibly other versions, allows remote attackers to read arbitrary files via a full pathname in the ar_file (auto-reply) parameter.