AlegroCart 1.2.8 - PHP Remote File Inclusion Vulnerability in report_logs.php

AlegroCart 1.2.8 - PHP Remote File Inclusion Vulnerability in report_logs.php

CVE-2015-9227 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

PHP remote file inclusion vulnerability in the get_file function in upload/admin2/controller/report_logs.php in AlegroCart 1.2.8 allows remote administrators to execute arbitrary PHP code via a URL in the file_path parameter to upload/admin2.

Learn more about our Web Application Penetration Testing UK.