CVE-2009-2110 Information

Description

Multiple directory traversal vulnerabilities in DB Top Sites 1.0 when magic_quotes_gpc is disabled allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the u parameter to (1) full.php (2) index.php and (3) contact.php.

Reference

http://osvdb.org/55116 http://osvdb.org/55117 http://osvdb.org/55118 http://secunia.com/advisories/35419 https://exchange.xforce.ibmcloud.com/vulnerabilities/51120 https://www.exploit-db.com/exploits/8952