Submit #828785: SourceCodester Pizzafy Ecommerce System 1.0 File Inclusion

Title: SourceCodester Pizzafy Ecommerce System 1.0 File Inclusion
Description: The Local File Inclusion vulnerability in Pizzafy allows an attacker to manipulate the page parameter to traverse the server's file system, moving beyond the intended directory. As evidenced in LFI 2.png, the application's failure to sanitize directory traversal sequences (../) results in the server attempting to execute arbitrary file paths. This flaw exposes sensitive internal data, such as the full system path C:\xampp\htdocs\Pizzafy\admin\index.php, and potentially allows for the reading of critical configuration files. If an attacker successfully pairs this with a file upload or log poisoning vector, the vulnerability could escalate to full Remote Code Execution (RCE). To secure the system, developers must implement a strict whitelist of allowed filenames and ensure the application does not directly handle path-based user input.
Source: https://github.com/cyber-bhaskar10/CVE-Writeups/blob/main/CVE%20Writeup%20Local%20File%20Inclusion%20(LFI)%20in%20index.php.md
User: bhaskar10 (UID 98245)
Submission: 13/05/2026 08:08 PM (26 days ago)
Moderation: 01/06/2026 04:59 PM (19 days later)
Status: Accepted
VulDB entry: 367648 [SourceCodester Pizzafy Ecommerce System 1.0 /admin/index.php page privilege escalation]
Points: 20
