header-logo
Suggest Exploit
vendor:
PHP Doc System
by:
Unknown
5.5
CVSS
MEDIUM
Local File Inclusion
98
CWE
Product Name: PHP Doc System
Affected Version From: 1.5.1 and prior versions
Affected Version To: Unknown
Patch Exists: NO
Related CWE: None provided
CPE: a:php_doc_system:php_doc_system:1.5.1
Metasploit:
Other Scripts:
Platforms Tested: Unknown
Unknown

Local File Include Vulnerability in PHP Doc System

PHP Doc System is prone to a local file-include vulnerability. This is due to the application's failure to properly sanitize user-supplied input. This may facilitate the unauthorized viewing of files and unauthorized execution of local PHP code.

Mitigation:

To mitigate this vulnerability, it is recommended to properly sanitize user-supplied input and implement access controls to prevent unauthorized access to sensitive files.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/15611/info

PHP Doc System is prone to a local file-include vulnerability. This is due to the application's failure to properly sanitize user-supplied input.

This may facilitate the unauthorized viewing of files and unauthorized execution of local PHP code.

PHP Doc System 1.5.1 and prior versions are reported vulnerable; other versions may also be affected. 

http://www.example.com/index.php?show=../File