CVE-2009-2177

code/display.php in fuzzylime cms 3.03a and earlier, when magicquotesgpc is disabled, allows remote attackers to conduct directory traversal attacks and overwrite arbitrary files via a "....//" dot dot in the s parameter, which is collapsed into a "../" value...