CVE-2008-2199

Name of the Vulnerable Software and Affected Versions: Kmita Mail versions 3.0 and earlier

Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the file parameter when register globals is enabled. This is due to a PHP remote file inclusion vulnerability in htmlcode.php.

Recommendations: For Kmita Mail versions 3.0 and earlier, disable the register globals setting to prevent exploitation. Additionally, consider restricting access to the htmlcode.php file until a fix is available. As a temporary workaround, avoid using the file parameter in affected URLs until the issue is resolved.