phPay Windows Installations Local File Include Vulnerability

phPay Windows Installations Local File Include Vulnerability

phPay is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. The vulnerability resides in code that was intended to protect against file-include attacks. It was found that the protection routines may be bypassed on Windows installations.

Exploiting this issue may allow an unauthorized user to view files and execute local scripts.