Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

PPA functions.inc.php ppa_root_path Parameter Remote File Inclusion

High

Synopsis

The remote host is vulnerable to a Script Injection attack.

Description

The remote host is running PPA, a photo album application written in PHP. There is a flaw in the remote version of this software that may allow an attacker to force the remote PHP script to include arbitrary files hosted on a third-party server. Therefore, an attacker can exploit this flaw to execute arbitrary PHP code on the remote host.

Solution

No solution is known at this time.