A new vulnerability was identified in WEBInsta Limbo, and may be exploited by attackers to compromise a vulnerable web server. The flaw is due to a "PHP File Inclusion" error and resides in the "index2.php" script when handling the "absolute_path" parameter, which may be exploited by a remote attacker to include arbitrary PHP files and execute commands with privileges of the web server.
Vulnerable Products
Vulnerable Software: WEBInsta Limbo version 1.0.2 and prior
Solution
K-OTik Security is not aware of any official supplied patch for this issue.
