VULNS MITIGATION

1. File Upload Vulns - Only allow safe files to be updated.

2. Code Execution Vulns:

• Don‘t use dangerous functions.
• Filter use input before execution.

3. File inclusion:

• Disable allow_url_fopen & allow_url_include.

• Use static file inclusion.

Suggest using Hard Code Style, not using any variables, which is much more secure.

index.php?page=news.phpindex.phpcode:include($_GET(‘page‘));

index.php
code:
include(‘page.php‘);