false advisory again here... you should read the code, unless to do a basic search with your editor for : -include($ -include_once($ -require($ -require_once($ dont you think you should try your "PoC" before you do send it on a professional bugtraq like securityfocus ? plz guys stop diffusing this kind of false advisory. regards laurent gaffi