sonarbyte / learnify

Developers with Questions, Meet Experts with Answers

Local file inclusion vulnerability #1

Open themcaffee opened 9 years ago

themcaffee commented 9 years ago

In index.php on line 12:

 <?php if (isset($_GET['body']) and !empty($_GET['body'])) include($_GET['body']); else include("home.php"); ?> 

body is used without any input validation. This can lead to a local file inclusion vulnerability. For more information about LFI and remediation look here.
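
An allowlist-based replacement for the `include($_GET['body'])` line quoted above, as an added example that is not part of the original issue or the project's code. The function name `resolve_page`, the page keys, and every file name other than `home.php` are assumptions.

```php
<?php
// Added example: the request parameter only selects a key from a fixed
// allowlist; its value is never used to build a file path.
// Keys and file names other than home.php are hypothetical.
const PAGES = [
    'home'    => 'home.php',
    'about'   => 'about.php',    // hypothetical page
    'contact' => 'contact.php',  // hypothetical page
];

/**
 * Map the untrusted ?body= value to a file name from the allowlist.
 * Anything that is not an exact key match falls back to the home page.
 */
function resolve_page($requested): string
{
    // Non-strings (e.g. ?body[]=x arrives as an array) are rejected outright.
    if (!is_string($requested) || !array_key_exists($requested, PAGES)) {
        return PAGES['home'];
    }
    return PAGES[$requested];
}

// Run from the command line to see how constructed sample inputs resolve.
if (PHP_SAPI === 'cli') {
    $samples = ['about', 'unknown', 'home.php', '../home.php', '', ['x']];
    foreach ($samples as $sample) {
        printf(
            "%-16s -> %s\n",
            json_encode($sample, JSON_UNESCAPED_SLASHES),
            resolve_page($sample)
        );
    }
    exit(0);
}

// Web request: include only a file named in PAGES, anchored to this directory
// so the result does not depend on include_path or the working directory.
include __DIR__ . '/' . resolve_page($_GET['body'] ?? null);
```

With this in place, links pass a key (`?body=about`) rather than a file name, and every value outside the allowlist, including path-like input, renders `home.php`.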

qlimaxx commented 9 years ago

Thanks Holyshatots, yes you are right, we will fix this vulnerability.