CVE-2006-0132 Information

Description

Directory traversal vulnerability in webftp.php in SysCP WebFTP 1.2.6 and possibly earlier allows remote attackers to include and execute arbitrary local PHP scripts and possibly read other types of files via a .. (dot dot) and a trailing null in the webftp_language parameter.

Reference

http://secunia.com/advisories/18355 http://www.securityfocus.com/archive/1/420973/100/0/threaded http://www.securityfocus.com/bid/16175 http://www.vupen.com/english/advisories/2006/0090 https://exchange.xforce.ibmcloud.com/vulnerabilities/24018