PPA functions.inc.php ppa_root_path Parameter Remote File Inclusion
High Nessus Network Monitor Plugin ID 3061
SynopsisThe remote host is vulnerable to a Script Injection attack.
DescriptionThe remote host is running PPA, a photo album application written in PHP.
There is a flaw in the remote version of this software that may allow an attacker to force the remote PHP script to include arbitrary files hosted on a third-party server. Therefore, an attacker can exploit this flaw to execute arbitrary PHP code on the remote host.
SolutionNo solution is known at this time.