CVE-2009-2611 Information

Description

Directory traversal vulnerability in infusions/last_seen_users_panel/last_seen_users_panel.php in MyFusion (aka MyF) 6 Beta when register_globals is enabled allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the settings[locale] parameter.

Reference

http://www.exploit-db.com/exploits/9018