Prizm Content Connect default.aspx document Parameter Remote File Inclusion
High Nessus Plugin ID 64684
Synopsis
The remote web server hosts an aspx script that is prone to a remote file inclusion attack.

Description
The remote web server hosts Prizm Content Connect, a fully customizable document viewer.
The 'default.aspx' script included with the install fails to sanitize user input to the 'document' parameter before reading a file. A remote attacker can leverage this issue to view arbitrary files or execute arbitrary PHP code, possibly taken from third-party hosts, on the remote host.

Solution
Unknown at this time.
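
With no fix listed, reviewing web server logs for unexpected values of the 'document' parameter is one way to spot use of this issue. The following is an added example, not part of the plugin or the vendor's code; the log field order, the sample lines, and the function names `classify` and `scan` are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote

# Constructed sample lines; assumed field order:
# date time method uri-stem uri-query client-ip status
SAMPLE_LOG = """\
2024-01-01 10:01:12 GET /default.aspx document=Sample.doc 192.0.2.10 200
2024-01-01 10:02:40 GET /default.aspx document=http://203.0.113.5/x.txt 198.51.100.7 200
2024-01-01 10:03:05 GET /default.aspx document=..%2f..%2fsecret.txt 198.51.100.7 200
2024-01-01 10:03:30 GET /Default.aspx Document=%5c%5c203.0.113.5%5cshare%5ca.doc 198.51.100.7 500
2024-01-01 10:04:00 GET /viewer.aspx document=report.pdf 192.0.2.10 200
"""

def classify(value):
    """Return why a 'document' value looks like a file-inclusion attempt, or None."""
    v = value
    for _ in range(3):  # undo nested percent-encoding (e.g. %252e -> %2e -> .)
        decoded = unquote(v)
        if decoded == v:
            break
        v = decoded
    v = v.replace("\\", "/")  # treat Windows and URL separators alike
    if re.match(r"[a-z][a-z0-9+.-]*://", v, re.I):
        return "remote-url"
    if v.startswith("//"):
        return "unc-path"
    if v.startswith("/") or re.match(r"[a-z]:/", v, re.I):
        return "absolute-path"
    if ".." in v.split("/"):
        return "traversal"
    return None

def scan(log_text):
    """Return (client_ip, reason, value) for each suspicious default.aspx request."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if line.startswith("#") or len(fields) < 7:
            continue
        stem, query, client = fields[3], fields[4], fields[5]
        if not stem.lower().endswith("/default.aspx"):
            continue
        for key, value in parse_qsl(query, keep_blank_values=True):
            reason = classify(value) if key.lower() == "document" else None
            if reason:
                hits.append((client, reason, value))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
```

The same `classify` rules can serve as a deny rule in a reverse proxy or request filter in front of the viewer until a vendor fix is available.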