CVE-2010-5281
CMScout 2.09 IBrowser TinyMCE Plugin 1.4.1 is affected by a directory traversal in ibrowser.php. When magic_quotes_gpc is disabled, an attacker can read arbitrary files by injecting a .. into the lang parameter. This is a true vulnerability with CVE-2010-5281 documented by NVD (base score 6.8, ve...