Rapid7 Vulnerability & Exploit Database

Remote File Inclusion


Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 05/12/2007
Created: 07/25/2018
Added: 08/17/2011
Modified: 06/20/2013

Description

Malicious file execution vulnerabilities are found in many applications. Developers will often directly use or concatenate potentially hostile input with file or stream functions, or improperly trust input files. On many platforms, frameworks allow the use of external object references, such as URLs or file system references. When the data is insufficiently checked, this can lead to arbitrary remote and hostile content being included, processed or invoked by the Web server.

This is one of the flaws under the category of Injection, in the OWASP Top Ten.
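The pattern described above, shown beside a hardened form. This is an added example, not code from Rapid7 or from any scanned application; `TEMPLATE_ROOT`, `ALLOWED_PAGES`, the function names and the sample inputs are all assumptions constructed for illustration.

```python
import os
from urllib.parse import urlsplit

TEMPLATE_ROOT = "/srv/app/templates"   # assumed template directory (constructed)
ALLOWED_PAGES = {"home": "home.tpl", "contact": "contact.tpl"}  # constructed allow-list
# Constructed request parameter values used to exercise the check.
SAMPLES = ["home", "http://files.example.com/page", "//files.example.com/page",
           "../../etc/passwd", "php://input"]


def resolve_naive(page: str) -> str:
    """Vulnerable pattern: input is concatenated straight into the file reference,
    so the caller decides what the server will load."""
    return page + ".tpl"


def is_external_reference(value: str) -> bool:
    """True for URLs, stream wrappers (scheme:...) and network-path references."""
    return bool(urlsplit(value).scheme) or value.startswith(("//", "\\\\"))


def resolve_hardened(page: str) -> str:
    """Input only selects a key; the file name itself never comes from the request."""
    if is_external_reference(page) or "\x00" in page:
        raise ValueError("external reference rejected")
    if page not in ALLOWED_PAGES:
        raise ValueError("unknown page")
    root = os.path.realpath(TEMPLATE_ROOT)
    full = os.path.realpath(os.path.join(root, ALLOWED_PAGES[page]))
    # Defence in depth: a symlinked template must not lead outside the root.
    if os.path.commonpath([root, full]) != root:
        raise ValueError("path escapes template root")
    return full


def audit(params):
    """Return a verdict per input: 'ok' or the reason it was rejected."""
    verdicts = {}
    for value in params:
        try:
            resolve_hardened(value)
            verdicts[value] = "ok"
        except ValueError as exc:
            verdicts[value] = str(exc)
    return verdicts


if __name__ == "__main__":
    for value, verdict in audit(SAMPLES).items():
        print(f"{value!r:40} naive -> {resolve_naive(value)!r:45} hardened -> {verdict}")
```
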

Solution(s)

  • spider-remote-file-inclusion
