FAR-PHP 1.0 - 'index.php' Local File Inclusion

EDB-ID:

32287


Platform:

PHP

Published:

2008-08-21

source: http://www.securityfocus.com/bid/30781/info

FAR-PHP is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability using directory-traversal strings to view local files within the context of the webserver process. Information harvested may aid in further attacks.

http://www.example.com/farver/index.php?c=/../../../../../../../../boot.ini%00