Unrated severityNVD Advisory· Published Jun 17, 2009· Updated Jun 16, 2026
CVE-2009-2095
CVE-2009-2095
Description
PHP remote file inclusion vulnerability in template/simpledefault/admin/_masterlayout.php in Mundi Mail 0.8.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the top parameter. NOTE: when allow_url_fopen is disabled, directory traversal attacks are possible to include and execute arbitrary local files.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- cpe:2.3:a:mundi_king:mundi_mail:0.8.2:*:*:*:*:*:*:*
- Range: <=0.8.2
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.