AGENCY4NET WEBFTP 'download2.php' Local File Include Vulnerability

info
discussion
exploit
solution
references

AGENCY4NET WEBFTP 'download2.php' Local File Include Vulnerability

AGENCY4NET WEBFTP is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker can exploit this issue to execute arbitrary local scripts, retrieve potentially sensitive information, and delete arbitrary local files in the context of the webserver process.