[原文]** DISPUTED ** PHP remote file inclusion vulnerability in user-func.php in Codeworks Gnomedia SubberZ[Lite] allows remote attackers to execute arbitrary PHP code via a URL in the myadmindir parameter. NOTE: this issue has been disputed by a third party that claims that " the myadmindir variable is set before any GET variables are processed."
SubberZ Lite has been reported to contain a flaw that may allow a remote attacker to execute arbitrary commands. The issue is supposedly due to the user-func.php script not properly sanitizing user input supplied to the 'myadmindir' variable. However, subsequent examination indicates the variable is set to a static value and can not be manipulated by an attacker.
The vulnerability reported is incorrect. No solution required.