CVE-2007-5103 Information

Description

Directory traversal vulnerability in config.inc.php in Wordsmith 1.0 RC1 when register_globals is enabled allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the _path parameter.

Reference

http://osvdb.org/38576 http://secunia.com/advisories/26924 https://www.exploit-db.com/exploits/4446