Skip to main content

Local File Inclusion

Description#

The application allows to read or execute files located on the server through relative paths manipulation in the input fields.

Recommendation#

  • Validate that the parameters received by the application do not contain relative paths.

  • Disable insecure functions that allow reading of arbitrary files on the server.

Requirements#