wynerst/borang

Local file inclusion vulnerability


In csr.php on line 9:

 include $_GET['p'].'.php';

there is a local file inclusion vulnerability. p is not sanitized and, by using a null byte character, can be used to include any file on the server. More information
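
One way to harden the include on line 9 of csr.php, shown as an added example that is not part of the original issue or the project's own code. The page names, the pages/ directory and the resolve_page helper are hypothetical.

```php
<?php
// Added example, not code from wynerst/borang.
// PAGE_DIR and the entries in PAGES are hypothetical.

const PAGE_DIR = __DIR__ . '/pages';

// Allowlist: value accepted in ?p= => file that may be included.
const PAGES = [
    'home'   => 'home.php',
    'form'   => 'form.php',
    'report' => 'report.php',
];

function resolve_page($p): ?string
{
    // Reject arrays (?p[]=x) and anything that is not a short lowercase
    // token; null bytes, dots and slashes can never match this pattern.
    if (!is_string($p) || !preg_match('/\A[a-z0-9_]{1,32}\z/', $p)) {
        return null;
    }
    // The request value only selects an entry; it is never concatenated
    // into the path that reaches include.
    if (!array_key_exists($p, PAGES)) {
        return null;
    }
    $base = realpath(PAGE_DIR);
    $path = realpath(PAGE_DIR . '/' . PAGES[$p]);
    // Defence in depth: the resolved file must exist and sit inside
    // PAGE_DIR even if an allowlist entry is later changed to a symlink.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

$file = resolve_page($_GET['p'] ?? null);
if ($file === null) {
    http_response_code(404);
    exit('Page not found');
}
include $file;
```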