A vulnerability has been identified in phpWebSite, which could be exploited by remote attackers to gain knowledge of sensitive information or compromise a vulnerable server. This flaw is due to an input validation error in the "index.php" script that does not properly validate the "hub_dir" variable, which could be exploited by remote attackers to inject arbitrary commands (e.g. into the log file) and execute them with the privileges of the web server via a local file inclusion.
Vulnerable Products
Vulnerable Software: phpWebSite version 0.10.2 and prior
