index.php in PEGames uses the extract function to overwrite critical variables, which allows remote attackers to conduct PHP remote file inclusion attacks via the abs_url parameter, which is later extracted to overwrite a previously uncontrolled value.
Get an AI-powered plain-language explanation of this vulnerability and remediation steps.
Login to generate AI explanation8 reference(s) from NVD