actSite NEWS.PHP Local File Include Vulnerability

info
discussion
exploit
solution
references

actSite NEWS.PHP Local File Include Vulnerability

actSite is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this issue may allow an unauthorized remote user to view files and execute local scripts in the context of the webserver process.

This issue affects actSite 1.56; other versions may also be vulnerable.