CVE-2007-1040
Xpression News (X-News) 1.0.1 is affected by a directory traversal in archives.php. The xnews-template parameter accepts a .. path traversal, enabling remote attackers to include arbitrary files or view sensitive information. The vulnerability is confirmed in CVE-2007-1040 and is documented with...