PowerPhlogger Remote File Include Vulnerability

A vulnerability has been discovered in PowerPhlogger. This issue is present in the 'showhits.php3' script.

The script accepts an attacker-specified remote location in the 'rel_path' parameter, which it uses when including files. This may allow an attacker to execute arbitrary commands with the privileges of the web server by causing the script to include a malicious PHP script from an attacker-supplied host.

It is not known whether newer versions of PowerPhlogger address this issue.
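A defender can look for this issue in web server access logs by flagging requests to 'showhits.php3' whose 'rel_path' value decodes to a remote location. The following is an added example, not part of the original advisory or of PowerPhlogger; the log lines, addresses, install path and host names are constructed, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample access-log lines; addresses, paths and hosts are placeholders.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /pphlogger/showhits.php3?id=demo HTTP/1.0" 200 5120
192.0.2.44 - - [01/Jan/2010:10:00:07 +0000] "GET /pphlogger/showhits.php3?rel_path=http://remote.example/ HTTP/1.0" 200 312
192.0.2.44 - - [01/Jan/2010:10:00:09 +0000] "GET /pphlogger/showhits.php3?id=demo&rel_path=%2568ttp%253A%252F%252Fremote.example%252F HTTP/1.0" 200 312
192.0.2.51 - - [01/Jan/2010:10:01:30 +0000] "GET /pphlogger/showhits.php3?rel_path=./ HTTP/1.0" 200 5120
192.0.2.60 - - [01/Jan/2010:10:02:00 +0000] "GET /index.php?rel_path=http://remote.example/ HTTP/1.0" 404 210
"""

# Request line inside a common/combined log format entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A value naming a remote location: a URL scheme or wrapper (http:, ftp:, php:, ...),
# a protocol-relative "//host", or a UNC "\\host" path.
REMOTE = re.compile(r'^\s*(?:[a-z][a-z0-9+.-]+:|//|\\\\)', re.I)


def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded values are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_remote_includes(log_text, script="showhits.php3", param="rel_path"):
    """Return (client_ip, decoded_value) for requests passing a remote location in param."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.lower().endswith("/" + script):
            continue  # only the script named in the advisory
        for key, raw in parse_qsl(url.query, keep_blank_values=True):
            value = fully_decode(raw)  # parse_qsl decodes once; undo any extra layers
            if key == param and REMOTE.match(value):
                hits.append((line.split()[0], value))
    return hits


if __name__ == "__main__":
    for ip, value in find_remote_includes(SAMPLE_LOG):
        print(f"{ip} supplied remote {value!r} as rel_path")
```

Access logs record only the query string, so a 'rel_path' value sent in a POST body or cookie would not be seen by this check.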


 

Copyright 2010, SecurityFocus