AlstraSoft Efriends GetStartOptions.PHP Local File Include Vulnerability

AlstraSoft Efriends GetStartOptions.PHP Local File Include Vulnerability

AlstraSoft Efriends is prone to a local file include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to:

- inject arbitrary PHP code into the webserver log files
- include and execute arbitrary files from the vulnerable system in the context of the affected application.

Other attacks are possible.

This issue affects version 4.85; other versions may also be vulnerable.