CVE-2009-2132 Information

Description

Directory traversal vulnerability in global.php in 4images before 1.7.7 when magic_quotes_gpc is disabled allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the l parameter.

Reference

http://bbs.wolvez.org/topic/56/ http://secunia.com/advisories/35427 http://www.4homepages.de/forum/index.php?topic=15186.0