You appear to have reported 4 non existent issues in a row, in this case the variable you are trying to exploit is defined at the very top of the script. It's the same with the Maian scripts you are reporting. They clearly have the following at the top of the script. $path_to_folder = dirname(__FILE__).'/'; I suggest your time would be better spent actually learning the language before you attempt to report any sort of security exploits.