Vulnerabilities > CVE-2022-4606 - PHP Remote File Inclusion vulnerability in Flatpress

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
flatpress
CWE-98
critical

Summary

PHP Remote File Inclusion in GitHub repository flatpressblog/flatpress prior to 1.3.

Common Attack Pattern Enumeration and Classification (CAPEC)

  • PHP Remote File Inclusion
    In this pattern the attacker is able to load and execute arbitrary code remotely available from the application. This is usually accomplished through an insecurely configured PHP runtime environment and an improperly sanitized "include" or "require" call, which the user can then control to point to any web-accessible file. This allows attackers to hijack the targeted application and force it to execute their own instructions.