vendor:
phpindexpage
by:
Dr.Pantagon
7.5
CVSS
HIGH
Remote File Include
CWE
Product Name: phpindexpage
Affected Version From: 1
Affected Version To: 1.0.1
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
phpindexpage 1.0 & 1.0.1 (config.php) Remote File Include Vulnerability
This vulnerability allows remote attackers to include arbitrary files via a specially crafted URL in the env[inc_path] parameter in the config.php script.
Mitigation:
Apply the patch provided by the vendor or update to a fixed version of phpindexpage.