Description

This script is possibly vulnerable to file inclusion attacks.

It seems that this script includes a file which name is determined using user-supplied data. This data is not properly validated before being passed to the include function.

Remediation

Edit the source code to ensure that input is properly validated. Where is possible, it is recommended to make a list of accepted filenames and restrict the input to that list.

For PHP, the option allow_url_fopen would normally allow a programmer to open, include or otherwise use a remote file using a URL rather than a local file path. It is recommended to disable this option from php.ini.

References

PHP - Using remote files

OWASP PHP Top 5

Remote file inclusion

Related Vulnerabilities

WordPress Plugin Theme Tuner 'tt-abspath' Parameter Remote File Include (0.7)

WordPress Plugin jQuery Mega Menu Widget 'skin' Parameter Local File Include (1.0)

WordPress Plugin Sina Extension for Elementor Local File Inclusion (2.2.0)

WordPress Plugin SAM Pro (Free Edition) Local File Inclusion (1.9.6.67)

WordPress Plugin LiveSig 'wp-root' Parameter Remote File Include (0.4)

Severity

High

Classification

CWE-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

Tags

File Inclusion