Vendor: PHP BandManager
By: koray
CVSS: 7.5 (HIGH)
CWE: Remote File Inclusion
Product Name: PHP BandManager
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
PHP BandManager Remote File Inclusion Vulnerability
The PHP BandManager application is vulnerable to remote file inclusion due to the insecure use of the include function. By manipulating the 'pg' parameter in the 'index.php' file, an attacker can include arbitrary files from remote servers.
Mitigation:
To mitigate this vulnerability, it is recommended to update the PHP BandManager application to a version that addresses this issue. Additionally, disable the 'allow_url_fopen' and 'register_globals' settings in the PHP configuration.
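Because no patch exists, the include itself has to be constrained in code. The following is an added example, not PHP BandManager's own source: it assumes 'index.php' selects a page from the 'pg' parameter and resolves it through a fixed allowlist instead. The page names, the `pages/` directory and the function names are hypothetical.

```php
<?php
// Added example: hardened dispatcher for index.php?pg=...
// PAGE_DIR, PAGES and both function names are hypothetical, not from the application.
const PAGE_DIR = __DIR__ . '/pages';

// Allowlist: request value => local file. Nothing outside this map is ever included.
const PAGES = [
    'home'    => 'home.php',
    'members' => 'members.php',
    'gigs'    => 'gigs.php',
];

function resolve_page($pg): ?string
{
    // Rejects arrays (pg[]=...), URLs, traversal strings and any unknown key.
    if (!is_string($pg) || !array_key_exists($pg, PAGES)) {
        return null;
    }
    $base = realpath(PAGE_DIR);
    $path = realpath(PAGE_DIR . '/' . PAGES[$pg]);
    if ($base === false || $path === false) {
        return null; // directory or file missing
    }
    // Defence in depth: the resolved file must still sit inside PAGE_DIR
    // (catches a symlink planted in the pages directory).
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

function risky_settings(): array
{
    // allow_url_fopen and register_globals are the settings named in the mitigation;
    // allow_url_include (PHP 5.2+) is the setting that governs URL includes directly.
    $enabled = [];
    foreach (['allow_url_fopen', 'allow_url_include', 'register_globals'] as $key) {
        if (filter_var(ini_get($key), FILTER_VALIDATE_BOOLEAN)) {
            $enabled[] = $key;
        }
    }
    return $enabled;
}

foreach (risky_settings() as $key) {
    error_log("hardening: $key is enabled in the PHP configuration");
}

$file = resolve_page($_GET['pg'] ?? 'home');
if ($file === null) {
    http_response_code(404);
    exit('Page not found');
}
include $file;
```

Requests whose 'pg' value is not an allowlist key get a 404, which also gives a clean signal to alert on in web server logs.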