🛒 sekumartdeals so good it should be illegal
USD EUR GBP 🏴 0/7 🛒 cart (0) login
security level: low medium high impossible

Source: image (security level: low)

Flip the security level in the header to compare the vulnerable and fixed code paths.

<?php // LOW: the file path is used as-is -> path traversal / LFI-read (open_basedir confines it to the
// webroot, so system files are blocked, but any app source can be read -> source disclosure).
$f = isset($_GET['file']) ? $_GET['file'] : 'assets/shipping.txt';
$content = @file_get_contents($f);