CVE-2008-3405
CVE-2008-3405 describes a directory traversal vulnerability in the nzFotolog web application ( Ricardo Amaral nzFotolog 0.4.1 ). The flaw is in index.php where attackers can craft the action_file parameter to traverse directories and include/execute arbitrary local files on the server. Impact is ...