vendor:
by: Dr Max Virus
CVSS: 7.5 (HIGH)
Bug in (include/)
CWE: 98
Product Name:
Affected Version From: 0.3
Affected Version To: 0.3
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
Script: phpxd
The vulnerability exists in the include/ directory of the phpXD script. It is caused by insecure use of the require() function to include PHP files. An attacker can exploit this vulnerability by supplying malicious code through the 'path' parameter of the affected PHP files, which can lead to remote code execution.
Mitigation:
To mitigate this vulnerability, it is recommended to sanitize user input and validate file paths before including them in PHP scripts. Additionally, it is advised to keep the script up-to-date with the latest patches and security updates.
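The mitigation above, shown as an added example (not phpXD's own code): the vulnerable require() pattern appears in a comment, followed by a hardened form that fixes the base directory in code and accepts only an allowlisted module name. The file names, the `module` request parameter and the `resolve_include()` helper are hypothetical.

```php
<?php
// Added example. File names, the 'module' parameter and resolve_include()
// are hypothetical and are not taken from phpXD.

// Vulnerable pattern described in the advisory, where $path is the
// request-supplied 'path' parameter (illustrative form only):
//   require($path . 'include/header.php');

// Hardened form: the base directory is fixed in code, and the only
// request-controlled value is a key into an allowlist.
const INCLUDE_DIR = __DIR__ . '/include';

const ALLOWED_MODULES = [
    'header' => 'header.php',
    'footer' => 'footer.php',
];

function resolve_include(string $module): string
{
    if (!array_key_exists($module, ALLOWED_MODULES)) {
        throw new InvalidArgumentException('Unknown module');
    }

    $base = realpath(INCLUDE_DIR);
    $file = realpath(INCLUDE_DIR . '/' . ALLOWED_MODULES[$module]);

    // realpath() returns false for missing files and resolves symlinks and
    // "..", so the prefix check confirms the target really is inside include/.
    if ($base === false || $file === false
        || strncmp($file, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new RuntimeException('Include target outside include/');
    }
    return $file;
}

$module = isset($_GET['module']) && is_string($_GET['module'])
    ? $_GET['module']
    : 'header';

try {
    require resolve_include($module);
} catch (InvalidArgumentException | RuntimeException $e) {
    http_response_code(400);
    exit('Bad request');
}
```

As defence in depth, keeping `allow_url_include = Off` in php.ini (the default in current PHP releases) stops include and require from loading URL wrappers even if a path check is missed.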