CVE-2009-2109 Information

Description

Multiple directory traversal vulnerabilities in FretsWeb 1.2 allow remote attackers to read arbitrary files via directory traversal sequences in the (1) language parameter to charts.php and the (2) fretsweb_language cookie parameter to unspecified vectors possibly related to admin/common.php.

Reference

http://osvdb.org/55166 http://osvdb.org/55196 http://secunia.com/advisories/35492 https://www.exploit-db.com/exploits/8979