icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

PPA functions.inc.php ppa_root_path Parameter Remote File Inclusion

High

Synopsis

The remote host is vulnerable to a Script Injection attack.

Description

The remote host is running PPA, a photo album application written in PHP. There is a flaw in the remote version of this software that may allow an attacker to force the remote PHP script to include arbitrary files hosted on a third-party server. Therefore, an attacker can exploit this flaw to execute arbitrary PHP code on the remote host.

Solution

No solution is known at this time.