Could you tell me if I am correct?
For me, there is no vulnerability !
At least, if global_register is activated, the $url variable may be modified but with any consequence as the real path is after the $url variable ...
Then you may have been able to include files with the following path
$url.'core/admin_table.class.php' (for instance)
Not warmful !
Are you agree ?
I meant harmful and not warmful :)
As my previous testing did not work and you said those lines I think this is false-positive.
This topic has been closed to new replies.