CVE-2008-2840
Exero CMS 1.0.0/1.0.1 contains multiple directory traversal vulnerabilities that allow remote attackers to include and execute arbitrary local files through a .. in the theme parameter used by pages under themes/Default (e.g., custompage.php, errors/404.php, members/, news/ , nopermission.php, us...