Vendor: PHP Accounts
By: Unknown
CVSS: 7.5 (HIGH)
Local File Include
CWE: 22
Product Name: PHP Accounts
Affected Version From: PHP Accounts 0.5
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE: a:php_accounts:php_accounts:0.5
Metasploit:
Other Scripts:
Platforms Tested:
2007

PHP Accounts Local File Include Vulnerability

The PHP Accounts application is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An unauthorized user who exploits this vulnerability can view files and execute local scripts.

Mitigation:

To mitigate this vulnerability, properly sanitize user-supplied input and implement access controls that restrict unauthorized access to sensitive files and scripts.
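
One way to apply this mitigation to a `page` request parameter, as an added example that is not PHP Accounts source code. The `pages/` directory, the page names and the `resolve_page()` helper are assumptions made for illustration.

```php
<?php
// Added example: hypothetical page loader, not code from PHP Accounts.
// Assumed layout: page templates live in ./pages/<name>.php.

const PAGES_DIR = __DIR__ . '/pages';

// Allowlist of page names the application is willing to serve (hypothetical).
const ALLOWED_PAGES = ['home', 'accounts', 'invoices', 'reports'];

/**
 * Map the untrusted ?page= value to a file inside PAGES_DIR.
 * Returns the canonical path, or null when the request must be refused.
 */
function resolve_page($requested): ?string
{
    // Reject arrays (?page[]=x) and anything else that is not a plain string.
    if (!is_string($requested)) {
        return null;
    }
    // 1. Exact allowlist match: a value such as "../../etc/passwd" stops here.
    if (!in_array($requested, ALLOWED_PAGES, true)) {
        return null;
    }
    // 2. Defence in depth: canonicalise the path and confirm it is still
    //    inside PAGES_DIR, which also catches symlinks pointing elsewhere.
    $base = realpath(PAGES_DIR);
    $path = realpath(PAGES_DIR . '/' . $requested . '.php');
    if ($base === false || $path === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

$target = resolve_page($_GET['page'] ?? 'home');
if ($target === null) {
    http_response_code(404);
    // json_encode keeps control characters out of the log line.
    error_log('rejected page parameter: ' . json_encode($_GET['page'] ?? null));
    exit('Page not found');
}
require $target;
```

The rejected-parameter log line gives defenders a signal to alert on when traversal sequences are submitted.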
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/24572/info

PHP Accounts is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this issue may allow an unauthorized user to view files and execute local scripts.

PHP Accounts 0.5 is vulnerable; other versions may also be affected. 

http://www.example.com/index.php?page=../../etc/passwd