vendor:
by:
GolD_M = [Mahmood_ali]
7.5
CVSS
HIGH
Remote File Include
CWE
Product Name:
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
PHP Module Implementation Remote File Include Vulnerability
The vulnerability allows an attacker to include remote files on the server by manipulating the 'laypath' parameter in the 'top.php' file. This can lead to remote code execution.
Mitigation:
The vulnerability can be mitigated by properly validating and sanitizing user input before including files. It is recommended to use absolute paths instead of user-controlled input.