CVE-2008-2342
CVE-2008-2342 describes a Directory traversal in News Manager 2.0: attachments.php allows remote attackers to read arbitrary files by supplying .. in the id parameter. Root cause is inadequate validation of the id parameter, enabling path traversal. Impact is partial file disclosure on the affect...