Siteframe siteframe.php LOCAL_PATH Parameter Remote File Inclusion
The remote host is running Siteframe, an open source content management system using PHP and MySQL. The installed version of Siteframe does not properly sanitize the 'LOCALPATH' parameter of the 'siteframe.php' script before using it to include files. By leveraging this flaw, an attacker is able ...