CVE-2008-2976 Information

Description

Multiple directory traversal vulnerabilities in TinX/cms 1.1 when register_globals is enabled allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) language parameter to (a) include_me.php (b) admin/ajax.php and (c) admin/objects/catalog.ajaxhandler.php; and the (2) prefix parameter to (d) admin/inc/config.php.

Reference

http://www.securityfocus.com/bid/29907 https://exchange.xforce.ibmcloud.com/vulnerabilities/43305 https://www.exploit-db.com/exploits/5917