mini-Pub 'sFileName' Parameter Multiple Input Validation Vulnerabilities
mini-Pub is prone to multiple input-validation vulnerabilities because it fails to properly sanitize user-supplied input.
These issues include:
- a local file-include vulnerability
- a remote file-include vulnerability
- an arbitrary-command-execution vulnerability
Exploiting these issues can allow attackers to access potentially sensitive information, to execute arbitrary script code in the context of the webserver process, to steal cookie-based authentication credentials, or to compromise the application and the underlying computer.
mini-Pub 0.3 is vulnerable; other versions may also be affected.