CVE-2005-2782 Information

Description

PHP remote file inclusion vulnerability in al_initialize.php for AutoLinks Pro 2.1 allows remote attackers to execute arbitrary PHP code via an "ftp://" URL in the alpath parameter, which bypasses the incomplete blacklist that only checks for "http" and "https" URLs.

Reference

http://marc.info/?l=bugtraq&m=112535379716486&w=2
http://secunia.com/advisories/16620/
http://www.securityfocus.com/bid/14686
https://exchange.xforce.ibmcloud.com/vulnerabilities/22061
