CVE-2009-2399

Name of the Vulnerable Software and Affected Versions DM FileManager version 3.9.4

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the SECURITY FILE parameter when register globals is enabled.

Recommendations For DM FileManager version 3.9.4, consider disabling the register globals setting to prevent exploitation until a patch is available. Restrict access to the album.php file in the dm-albums/template directory to minimize the risk of exploitation. Avoid using the SECURITY FILE parameter in the affected URL until the issue is resolved.