LFI Vulnerability in language parameter.
This exploit is dangerous. Because the LFI is done with require()
on a value saved in SQL, if the path is non-existent, the user
account will be broken. Additionally, this value must be <= 32chars
(MySQL vachar(32))
Vulnerability Type: Local File Include
For the exploit source code contact DSquare Security sales team.