CVE-2009-0729 Information

Description

Multiple directory traversal vulnerabilities in Page Engine CMS 2.0 Basic and Pro allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the fPrefix parameter to (1) modules/recent_poll_include.php (2) modules/login_include.php and (3) modules/statistics_include.php and (4) configuration.inc.php in includes/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Reference

http://osvdb.org/52175 http://osvdb.org/52176 http://osvdb.org/52177 http://osvdb.org/52178 http://secunia.com/advisories/33983 http://www.securityfocus.com/bid/33860 https://exchange.xforce.ibmcloud.com/vulnerabilities/48856