CVE-2010-0958 Information

Description

Directory traversal vulnerability in modules/hayoo/index.php in Tribisur 2.1 2.0 and earlier when magic_quotes_gpc is disabled allows remote attackers to include and execute arbitrary files via directory traversal sequences in the theme parameter. NOTE: some of these details are obtained from third party information.

Reference

http://packetstormsecurity.org/1003-exploits/tribisur-lfi.txt http://secunia.com/advisories/28362 http://www.exploit-db.com/exploits/11655 http://www.securityfocus.com/bid/38596