header-logo
Suggest Exploit
vendor:
SolarPay
by:
7.5
CVSS
HIGH
Local File Include
CWE
Product Name: SolarPay
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

SolarPay Local File Include Vulnerability

SolarPay is prone to a local file-include vulnerability because the utility fails to properly sanitize user-supplied input. Successfully exploiting this issue allows attackers to gain access to files located in directories they do not have permissions to access. Information that attackers harvest may aid them in further attacks.

Mitigation:

Apply proper input validation and sanitization techniques to prevent the inclusion of arbitrary files.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/22722/info

SolarPay is prone to a local file-include vulnerability because the utility fails to properly sanitize user-supplied input.

Successfully exploiting this issue allows attackers to gain access to files located in directories they do not have permissions to access. Information that attackers harvest may aid them in further attacks. 

http://www.example.com/index.php?read=../admin/a_searchu.php