CVE-2010-2138 Information

Description

Multiple directory traversal vulnerabilities in ProMan 0.1.1 and earlier allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the _SESSION[userLang] parameter to (1) elisttasks.php (2) managepmanagers.php (3) manageusers.php (4) helpfunc.php (5) managegroups.php (6) manageprocess.php and (7) manageusersgroups.php.

Reference

http://packetstormsecurity.org/1002-exploits/proman-rfilfi.txt http://www.exploit-db.com/exploits/11587 https://exchange.xforce.ibmcloud.com/vulnerabilities/56577