CVE-2009-0291 Information

Description

Directory traversal vulnerability in fc.php in OpenX 2.6.3 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the MAX_type parameter.

Reference

http://www.securityfocus.com/archive/1/500411/100/0/threaded http://www.securityfocus.com/bid/33458 https://www.exploit-db.com/exploits/7883