CVE-2010-1652 Information

Description

Directory traversal vulnerability in the HelpCenter module in Help Center Live (HCL) 2.0.6 and 2.1.7 allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the file parameter to module.php. NOTE: some of these details are obtained from third party information.

Reference

http://packetstormsecurity.org/1004-exploits/helpcenterlive-lfi.txt http://secunia.com/advisories/39615 http://www.exploit-db.com/exploits/12421 http://www.securityfocus.com/bid/39732 http://www.vupen.com/english/advisories/2010/1009