This is a writeup describing a Local File Inclusion (LFI) vulnerability in ALPHA CMS version 3.2. The vulnerability arises from insecure file inclusion in the `alpha.php` file, allowing attackers to include arbitrary local files via the `Absolute_Path` parameter.
Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target:ALPHA CMS 3.2
No auth needed
Prerequisites:Access to the vulnerable `alpha.php` endpoint