VULNS MITIGATION
1. File Upload Vulns - Only allow safe files to be updated.
2. Code Execution Vulns:
- Don't use dangerous functions.
- Filter use input before execution.
3. File inclusion:
- Disable allow_url_fopen & allow_url_include.
- Use static file inclusion.
Suggest using Hard Code Style, not using any variables, which is much more secure.
index.php?page=news.php index.php code: include($_GET('page'));
index.php
code:
include('page.php');