PHP-Proxima autohtml.PHP Information Disclosure Vulnerability

ID EDB-ID:22603
Type exploitdb
Reporter Mind Warper
Modified 2003-05-14T00:00:00


PHP-Proxima autohtml.PHP Information Disclosure Vulnerability. Webapps exploit for php platform


A vulnerability has been reported for PHP-Proxima. The problem occurs in the autohtml.php script. Specifically, the script fails to verify the contents of a user-supplied variable before including a specified file into an HTML file. As a result, a malicious remote user may be capable of using this as a channel to disclose the contents of arbitrary local system files.

It should be noted that all local files would be accessed with the privileges of user invoking PHP-Proxima.