Script source code disclosure

Description

It is possible to read the source code of this script by using script filename as a parameter. It seems that this script includes a file which name is determined using user-supplied data. This data is not properly validated before being passed to the include function.

ShareShare on FacebookTweet about this on TwitterShare on Google+

Impact
An attacker can gather sensitive information (database connection strings, application logic) by analysing the source code. This information can be used to launch further attacks.

Recommendation
Analyse the source code of this script and solve the problem.

References
Source Code Disclosure Can Be Exploited On Your Website