CVE-2012-2227 Information

Description

Directory traversal vulnerability in update/index.php in PluXml before 5.1.6 allows remote attackers to include and execute arbitrary local files via a ..2F (encoded dot dot slash) in the default_lang parameter.

Reference

http://archives.neohapsis.com/archives/bugtraq/2012-05/0011.html http://osvdb.org/81638 http://secunia.com/advisories/49026 http://telechargements.pluxml.org/changelog http://www.exploit-db.com/exploits/18828 http://www.pluxml.org/article59/sortie-de-pluxml-5-1-6 http://www.securityfocus.com/bid/53348 https://exchange.xforce.ibmcloud.com/vulnerabilities/75330 https://www.htbridge.com/advisory/HTB23086