vendor:
Unknown
by:
ThE dE@Th (AsB-MaY DiScOvEr ExPlIoTs Gr0uP)
5.5
CVSS
MEDIUM
Remote File Inclusion
98
CWE
Product Name: Unknown
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
Remote File Inclusion in aggregator.php and controller.php
The vulnerability allows an attacker to include a remote file in the aggregator.php and controller.php scripts. By manipulating the 'zf_path' parameter, an attacker can execute arbitrary code on the server.
Mitigation:
Update the affected scripts to ensure that user input is properly validated and sanitized before including files.