CVE-2008-1409
Multiple directory traversal vulnerabilities in Exero CMS 1.0.1 (Default theme) allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the theme parameter to various PHP scripts (index.php, editpassword.php, avatar.php, custompage.php, errors/404....