Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Local File Inclusion -------------------- Krzysztof K. Wasielewski reported that the layerstyle parameter in al.php was not properly sanitized, causing a potential LFI vulnerability. Under normal circumstances, an attacker would need to place a file named layerstyle.inc.php in an arbitrary directory on the server and craft the layerstyle parameter accordingly to load it. If an old version of PHP is being used the server, other attack techniques might be possible, e.g. NULL-byte truncation. CWE: CWE-98 CVSSv2: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
- Loading branch information