Philex Remote And Local File Include Vulnerabilities

Philex is prone to remote and local file-include vulnerabilities because it fails to sufficiently sanitize user-supplied input.

An attacker can exploit these issues to execute arbitrary local and remote PHP code in the context of the webserver process. This may facilitate a remote compromise of the underlying system; other attacks are also possible.

Philex 0.2.3 is vulnerable; other versions may also be affected.


Privacy Statement
Copyright 2010, SecurityFocus