|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #67036 Local File Inclusion Vulnerability on
Submitted: 2014-04-06 15:56 UTC Modified: 2014-04-06 20:40 UTC
From: ghulianisikh at gmail dot com Assigned:
Status: Not a bug Package: Website problem
PHP Version: Irrelevant OS:
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: ghulianisikh at gmail dot com
New email:
PHP Version: OS:


 [2014-04-06 15:56 UTC] ghulianisikh at gmail dot com
While pentesting , i found a critical LFI (Local File Inclusion) Vulnerability . This vulnerability leads to disclose source code of any php file on the server. 
Following are the details: 

This is the url that is vulnerable to LFI . 
Fow example:

I was also able to grab source of pear directory index page. [Right Click -> View Source]

Please let me know if you need any help with reproduction of bug. 
Thank You !


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2014-04-06 20:40 UTC]
-Status: Open +Status: Not a bug -Type: Security +Type: Bug
 [2014-04-06 20:40 UTC]
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at and the instructions on how to report
a bug at

PHP website sources are public.
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Fri Dec 09 06:03:45 2022 UTC