CVE-2006-7112
MD-Pro before 1.0.77 (MD-Pro 1.0.76 and earlier) contains a directory traversal vulnerability in error.php exploitable via the PNSVlang cookie. Remote authenticated users can read and include arbitrary files by uploading a GIF via AddDownload or injecting PHP into a log file, then accessing it. T...