Detailedseverity: MediumDraft

CAPEC-252PHP Local File Inclusion

Abstraction
Detailed
Status
Draft
Severity
Medium

Description

The attacker loads and executes an arbitrary local PHP file on a target machine. The attacker could use this to try to load old versions of PHP files that have known vulnerabilities, to load PHP files that the attacker placed on the local machine during a prior attack, or to otherwise change the functionality of the targeted application in unexpected ways.

Related weaknesses· 1

CWE-829

Related attack patterns· 1

CAPEC-251 (ChildOf)

Exploits1

TypeTargetConfidenceTier
WeaknessInclusion of Functionality from Untrusted Control Spherecwe-829100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC
PHP Remote File Inclusion
CAPEC
Local Code Inclusion
CAPEC
Remote Code Inclusion
CAPEC
Code Inclusion
CAPEC
Code Injection
CWE
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.