CVE-2007-6604
CVE-2007-6604 affects XCMS 1.82 and earlier. The vulnerability is in index.php, where directory traversal via a dot-dot sequence in two parameters (s on the admin page, or pg for an arbitrary module) lets remote attackers read arbitrary files. Demonstrations include reading a password hash from a...