vendor:
Flip-2.01-final
by:
GolD_M (Mahmnood_ali)
7.5
CVSS
HIGH
Remote File Include
CWE
Product Name: Flip-2.01-final
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
Flip-2.01-final 1.0 <= Remote File Include Vulnerability
Remote File Include vulnerability in Flip-2.01-final 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc_path parameter to previewtheme.php.
Mitigation:
Update to a patched version of Flip-2.01-final or sanitize user input before including files.