Re: LFI On SMF 1.1.3
Let me preface this by saying I'm not a security expert, however considering
that the above line is immediately preceeded by:
if (!isset($_REQUEST['action']) || !isset($actionArray[$_REQUEST['action']]))
...with a default action defined by either the theme or the the SMF software
itself (causing the LFI statement to never be reached), and that $actionArray
is statically defined beforehand; is this really an LFI vulnerability, or just
something that looks like the LFI pattern on the surface?