vish07 / WackoPicko

WackoPicko is a vulnerable web application used to test web application vulnerability scanners.
MIT License

CX Remote_File_Inclusion @ website/admin/index.php [master] #44

Open vish07 opened 4 years ago

vish07 commented 4 years ago

Remote_File_Inclusion issue exists @ website/admin/index.php in branch master

The application loads an external library or source code file using require_once, at line 1 of website\admin\index.php. An attacker might be able to exploit this and cause the application to load arbitrary code. Note that this library is dynamically selected based on untrusted user input _GET, from line 1 in website\admin\index.php. An attacker can influence this input to cause the application to execute arbitrary code, even from a remote server.

Severity: High

CWE:98

Vulnerability details and guidance

Checkmarx

Lines: 3

Code (Line #3):

$page = $_GET['page'] . '.php';
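For comparison, an added example (not WackoPicko's code) of how the flagged line is normally hardened: the request parameter is looked up in a fixed allowlist and never concatenated into a path, so require_once only ever receives one of a known set of files. The page names and the `pages/` directory are assumed for illustration.

```php
<?php
// Added example, not from WackoPicko: a fail-closed replacement for the
// pattern flagged by Checkmarx, `$page = $_GET['page'] . '.php'` feeding
// require_once. Page names and the pages/ directory are assumptions.
declare(strict_types=1);

// Allowlist: the only admin pages that may be included. Keys are what the
// URL may name; values are the concrete files, so user input never becomes
// part of a filesystem path or a URL.
const ADMIN_PAGES = [
    'home'    => 'home.php',
    'users'   => 'users.php',
    'uploads' => 'uploads.php',
];

/**
 * Resolve a requested page name to a file inside $baseDir, or return null
 * when the request is not one of the allowlisted pages.
 */
function resolveAdminPage(?string $requested, string $baseDir): ?string
{
    // Default page when the parameter is absent.
    $name = $requested ?? 'home';

    // Exact-match lookup with no concatenation and no "cleaning" of the
    // input: anything that is not a literal key (relative paths, absolute
    // paths, URLs, stream wrappers) is rejected rather than normalised.
    if (!array_key_exists($name, ADMIN_PAGES)) {
        return null;
    }
    return rtrim($baseDir, '/') . '/' . ADMIN_PAGES[$name];
}

// $_GET values may also arrive as arrays (?page[]=x); treat those as absent.
$requested = $_GET['page'] ?? null;
$target = resolveAdminPage(is_string($requested) ? $requested : null,
                           __DIR__ . '/pages');

if ($target === null) {
    http_response_code(404);
    // Log the rejection so scanner or attacker probing shows up in monitoring.
    error_log('admin/index.php: rejected unknown page parameter');
    exit;
}
require_once $target;
```

As defence in depth, `allow_url_include=Off` in php.ini (the default since PHP 5.2) stops require_once from fetching remote URLs even if a concatenation bug like the one reported here slips through.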

vish07 commented 4 years ago

Issue still exists.

vish07 commented 4 years ago

Issue still exists.