PHP remote file inclusion vulnerability in admin.cropcanvas.php in the CropImage component (com_cropimage) 1.0 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the cropimagedir parameter.Referenceshttp://securityreason.com/securityalert/1450https://exchange.xforce.ibmcloud.com/vulnerabilities/28465http://www.securityfocus.com/bid/19605http://www.securityfocus.com/archive/1/443762/100/0/threadedhttps://www.exploit-db.com/exploits/2217
