- This script is possibly vulnerable to remote XSL inclusion. The path to the XSL file can be controlled by the attacker. Therefore, it's possible to include malicious XSL files.
- Edit the source code to ensure that input is properly validated. Where is possible, it is recommended to make a list of accepted filenames and restrict the input to that list.
- WordPress Plugin Browser Rejector Remote File Inclusion (2.10)
- WordPress Plugin Spicy Blogroll Local File Include (1.0.0)
- Joomla! Core 3.3.x Remote File Inclusion (3.3.0 - 3.3.4)
- WordPress Plugin Annonces 'abspath' Parameter Remote File Include (184.108.40.206)
- WordPress Plugin Post Recommendations for WordPress 'api.php' Remote File Include (1.1.2)