Local File Inclusion

Description

The application allows to read or execute files located on the server through relative paths manipulation in the input fields.

Recommendation

• Validate that the parameters received by the application do not contain relative paths.

• Disable insecure functions that allow reading of arbitrary files on the server.

Requirements

• 173. Discard unsafe inputs

• 176. Restrict system objects