CVE-2006-4963
Exponent CMS 0.96.3 is vulnerable to a local file inclusion (LFI) via the view parameter in the calendarmodule’s show_view action (index.php). The underlying issue is improper handling of ../ sequences that allows remote attackers to read and execute arbitrary local files, demonstrated by PHP cod...