File Inclusion Attack #572
There is a File Inclusion attack in the file Piwigo/admin/batch_manager.php.
The user-controlled variable $page['tab'] is being sent to an include() without any checks. This will make file inclusion attacks possible. In older PHP versions, using a null-byte attack, code execution is also possible.
Fix: put an array of allowed strings.
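
One way to implement the allowlist fix suggested above, as an added example that is not part of the original issue or Piwigo's own code. The tab names, the `batch_manager_<tab>.php` file naming, the base directory and the function name are assumptions made for illustration.

```php
<?php
// Added example: allowlist check before include(). Tab names and file
// layout are assumptions for illustration, not Piwigo's actual code.

const ALLOWED_TABS = ['global', 'unit'];   // hypothetical tab names
const DEFAULT_TAB  = 'global';

/**
 * Return the file to include for a requested tab, or the default tab's
 * file when the request is not an exact member of the allowlist.
 */
function tab_include_path($requested, string $baseDir): string
{
    // Strict comparison (third argument true): arrays, null, case variants,
    // and near-matches carrying path separators or a trailing NUL byte
    // are all rejected because they are not identical to a listed string.
    $tab = (is_string($requested) && in_array($requested, ALLOWED_TABS, true))
        ? $requested
        : DEFAULT_TAB;

    // The path is built only from the allowlisted constant, never from
    // the raw request value, so no request data reaches include().
    return $baseDir . '/batch_manager_' . $tab . '.php';
}

// Constructed sample inputs, as they might arrive in a request parameter.
$samples = ['unit', 'Unit', '../../some/other/file', "global\0", ['unit'], null];

foreach ($samples as $value) {
    printf(
        "%-28s => %s\n",
        json_encode($value),
        tab_include_path($value, '/srv/app/admin')   // hypothetical base dir
    );
}

// In the page itself the call site would then look like:
//   include tab_include_path($page['tab'], __DIR__);
```

Only the first sample resolves to `batch_manager_unit.php`; every other input falls back to the default tab's file.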