• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

AEwebworks Dating Software AeDating Index.PHP Local File Include Vulnerability

aeDating is prone to a local file include vulnerability.

The problem presents itself when an attacker passes the location of a potentially malicious local script through a parameter of the 'index.php' script.

An attacker may leverage this issue to execute arbitrary server-side script code that resides on an affected computer with the privileges of the Web server process. This may potentially facilitate unauthorized access.

It should be noted that this issue may also be leveraged to read arbitrary files on an affected computer with the privileges of the Web server.

aeDating 3.2 and prior are affected by this issue.