CVE-2009-0592 Information

Description

Multiple directory traversal vulnerabilities in PNphpBB2 1.2i and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ModName parameter to (1) admin_words.php (2) admin_groups_reapir.php (3) admin_smilies.php (4) admin_ranks.php (5) admin_styles.php and (6) admin_users.php in admin/.

Reference

http://secunia.com/advisories/33365 http://www.securityfocus.com/bid/33103 https://www.exploit-db.com/exploits/7658