CVE-2002-2167 Information

Description

Directory traversal vulnerability in function_foot_1.inc.php for Thorsten Korner 123tkShop before 0.3.1 allows remote attackers to read arbitrary files via .. (dot dot) sequences terminated by a null character in the $designNo variable which is part of an \include\ function call.

Reference

http://online.securityfocus.com/archive/1/282404 http://www.iss.net/security_center/static/9581.php http://www.securityfocus.com/bid/5243