ISPworker Download.PHP Multiple Local File Include Vulnerabilities

info
discussion
exploit
solution
references

ISPworker Download.PHP Multiple Local File Include Vulnerabilities

ISPworker is prone to multiple local file-include vulnerabilities because it fails to sufficiently sanitize user-supplied input.

Exploiting these issues may allow an attacker to access potentially sensitive information and execute arbitrary local scripts within the context of the webserver process.

These issues affect ISPworker 1.21; other versions may also be affected.