vendor:
PHP121
by:
Dj7xpl
5.5
CVSS
MEDIUM
Local File Inclusion Vulnerability
22
CWE
Product Name: PHP121
Affected Version From: 2.2
Affected Version To: 2.2
Patch Exists: NO
Related CWE:
CPE: php121:2.2
Platforms Tested:
2007
PHP121 Version 2.2
The vulnerability allows an attacker to include local files by exploiting the php121db.php script. The attacker can specify a local file in the php121dir parameter, which is not properly sanitized, leading to arbitrary file inclusion. The vulnerability can be exploited by sending a crafted request to the vulnerable server.
Mitigation:
To mitigate the vulnerability, it is recommended to sanitize user input before using it in file inclusion operations. Additionally, access controls should be implemented to prevent unauthorized access to sensitive files.
