Security Issues With This Code?


mikebrum

I've been told (by our hosting) that there might be a security issue with this code:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<?php include_once('includes/header.php'); ?>
<body>
<div id="wrapper">
	<?php include_once('includes/navigation.php'); ?>
	<a id="top"></a>
	<div id="header">
		<?php include_once('includes/headerLeft.php'); ?>
		<div id="headerRight">
		<?php
			$pg = $_GET['pg'];
			if ($pg == '') { $pg = 'home'; }
		?>
			<img src="images/<?php echo $pg; ?>.jpg" alt="" />
		</div>
	</div>
	<div id="content">
		<?php include_once($pg . '.php'); ?>
	</div>
	<?php include_once('includes/footer.php'); ?>
</div>
</body>
</html>

We've been told that e-mails were sent (through this code) on our behalf. Any help would be appreciated, and thank you in advance for your help!

Mike

Well, you are basically allowing the user to include any PHP file they want through this line:

<?php include_once($pg . '.php'); ?>

You could negate that by filtering the input (e.g. only allowing certain values or removing forward slashes).

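The allow-list approach the reply suggests, written out as an added example (this is not the original poster's code or the replier's code). The page names in PAGES, the file layout and the helper name select_page are assumptions chosen to match the snippet above. Because the value of pg is used both as an include path and inside an img src, the example also HTML-escapes it when it is echoed.

```php
<?php
// Added example, not the original poster's code. Hardened version of the
// page router: the requested page is looked up in a fixed allow-list instead
// of being passed straight to include_once(). Page names are assumed.
const PAGES = ['home', 'about', 'services', 'contact'];

/**
 * Return a safe page name. Only values from the allow-list are accepted;
 * anything else (including traversal sequences, NUL bytes and stream
 * wrappers such as php:// or http://) falls back to $default.
 * The regex runs first so the comparison only ever sees plain identifiers.
 */
function select_page(?string $requested, array $allowed, string $default = 'home'): string
{
    if ($requested === null || $requested === '') {
        return $default;
    }
    if (!preg_match('/\A[a-z0-9_-]{1,32}\z/', $requested)) {
        return $default;
    }
    return in_array($requested, $allowed, true) ? $requested : $default;
}

// Constructed inputs: the first is accepted, the rest fall back to 'home'.
// ("attacker.example" is a placeholder hostname, not a real site.)
assert(select_page('about', PAGES) === 'about');
assert(select_page('../../../etc/passwd', PAGES) === 'home');
assert(select_page('http://attacker.example/mail.txt', PAGES) === 'home');
assert(select_page("home\0", PAGES) === 'home');   // NUL byte truncated ".php" on old PHP
assert(select_page(null, PAGES) === 'home');

$pg = select_page($_GET['pg'] ?? null, PAGES);

// Resolve the include relative to this script rather than the CWD and check
// that the allow-listed page really exists before including it.
$pageFile = __DIR__ . '/' . $pg . '.php';
if (!is_file($pageFile)) {
    http_response_code(404);
    exit('Page not found');
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<?php include_once __DIR__ . '/includes/header.php'; ?>
<body>
<div id="wrapper">
	<?php include_once __DIR__ . '/includes/navigation.php'; ?>
	<a id="top"></a>
	<div id="header">
		<?php include_once __DIR__ . '/includes/headerLeft.php'; ?>
		<div id="headerRight">
			<!-- $pg is allow-listed, but escape it anyway when echoing into HTML -->
			<img src="images/<?php echo htmlspecialchars($pg, ENT_QUOTES, 'UTF-8'); ?>.jpg" alt="" />
		</div>
	</div>
	<div id="content">
		<?php include_once $pageFile; ?>
	</div>
	<?php include_once __DIR__ . '/includes/footer.php'; ?>
</div>
</body>
</html>
```

Stripping forward slashes alone is not enough: PHP stream wrappers (php://, data://, and http:// when allow_url_include is on) and, on older PHP releases, a NUL byte that truncates the appended ".php" all get past a slash filter. Matching against a fixed list of known page names removes the whole class of problems, which is why the helper rejects anything not in PAGES rather than trying to sanitise arbitrary input.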