CVE-2010-1537 Information

Description

Multiple directory traversal vulnerabilities in phpCDB 1.0 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang_global parameter to (1) firstvisit.php (2) newfolder.php (3) showfolders.php (4) newlang.php (5) showinnerfolder.php (6) writecode.php and (7) showcode.php.

Reference

http://packetstormsecurity.org/1002-exploits/phpcdb-lfi.txt http://www.exploit-db.com/exploits/11585 http://www.securityfocus.com/bid/38507 https://exchange.xforce.ibmcloud.com/vulnerabilities/56579