PT-2024-33457 · Unknown+1 · Zipang Point Maker+1
Theviper17
·
Published
2024-10-17
·
Updated
2024-10-18
·
CVE-2024-49317
CVSS v3.1
7.5
High
| Vector | AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
ZIPANG Point Maker versions through 0.1.4
Description
The issue affects ZIPANG Point Maker due to improper control of filename for include/require statement in PHP program, allowing PHP Local File Inclusion. This is related to 'PHP Remote File Inclusion.' It lets attackers perform PHP Local File Inclusion.
Recommendations
For versions through 0.1.4, update to a version that fixes the 'PHP Remote File Inclusion' vulnerability to prevent PHP Local File Inclusion attacks.
As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Php
Zipang Point Maker