header-logo
Suggest Exploit
vendor:
picKLE
by:
4
CVSS
MEDIUM
Local File Include
22
CWE
Product Name: picKLE
Affected Version From: 0.3
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

picKLE Local File Include Vulnerability

picKLE is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized user to view files and execute local scripts.

Mitigation:

To mitigate this vulnerability, it is recommended to properly sanitize and validate user-supplied input to prevent directory traversal attacks. Additionally, access controls should be implemented to restrict unauthorized access to sensitive files.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/22703/info

picKLE is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this issue may allow an unauthorized user to view files and execute local scripts.

Version 0.3 is vulnerable to this issue; other versions may also be affected. 

http://www.example.com/Pickle/src/download.php?img=1&file=../../../../../../../../../../../../../etc/shadow&rotation=0&img=0