CitrusDB Arbitrary Local PHP File Include Vulnerability

info
discussion
exploit
solution
references

CitrusDB Arbitrary Local PHP File Include Vulnerability

CitrusDB is reportedly affected by a vulnerability that permits the inclusion of any local PHP file. This issue is due to the application failing to properly sanitize user-supplied input.

This issue is reported to affect CitrusDB 0.3.6; earlier versions may also be affected.

This issue may also allow remote file includes, although this has not been confirmed.