Dokeos 'user_portal.php' Local File Include Vulnerability

Dokeos 'user_portal.php' Local File Include Vulnerability

Solution:
The vendor provided the following solution for this issue:

Fixing this issue can be done by replacing line 770 of /user_portal.php by:

if (!empty ($_GET['include']) && preg_match('/^[a-zA-Z0-9_-]*\.html$/',$_GET['include']))

Please see the references for more information.