PT-2009-4548 · Mundi · Mundi Mail

Br0Ly · Published 2009-06-17 · Updated 2017-09-29 · CVE-2009-2095

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions
Mundi Mail version 0.8.2

Description
The issue allows remote attackers to execute arbitrary PHP code via a URL in the top parameter when register_globals is enabled. If allow_url_fopen is disabled, it is possible to perform directory traversal attacks to include and execute arbitrary local files.

Recommendations
For Mundi Mail version 0.8.2, consider disabling the register_globals setting to prevent remote code execution. Additionally, enable allow_url_fopen to prevent directory traversal attacks, or restrict access to the template/simpledefault/admin/_masterlayout.php file to minimize the risk of exploitation.

Exploit

Fix

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2009-2095

Affected Products

Mundi Mail