vendor:
Flipper Poll
by:
Unknown
7.5
CVSS
HIGH
Remote File Inclusion
98
CWE
Product Name: Flipper Poll
Affected Version From: 1.1.2000
Affected Version To: 1.1.2000
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
Flipper Poll v1.1.0 (poll.php) remote file include vuln
The vulnerability allows an attacker to include a remote file by manipulating the 'root_path' parameter in the 'poll.php' script. This can be exploited to execute arbitrary code on the server.
Mitigation:
To mitigate this vulnerability, it is recommended to validate user input and properly sanitize the 'root_path' parameter before including any files.