The provided text describes a local file inclusion (LFI) vulnerability in Xataface versions prior to 1.2.6, as well as 1.3rc1 and 1.3rc2. The vulnerability allows an attacker to include arbitrary local files via unsanitized input in the `-action` parameter.
Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target:Xataface < 1.2.6, 1.3rc1, 1.3rc2
No auth needed
Prerequisites:Access to the target web application