Directory traversal

Directory traversal vulnerability in the getlang function in global.php in Quicksilver Forums 1.4.2 and earlier, as used in QSF Portal before 1.4.5, when running on Windows, allows remote attackers to include and execute arbitrary local files via a "" backslash in the lang parameter to index.php,...

slaed-lfi.txt

SLAED CMS 2.5 Lite Local file inclusion Script url http://www.slaed.net/uploads/files/public/SLAEDCMS2.5Lite.zip Lets code in function/sources.php: 780: // Format language 781: function getlang$module="" 782: global $multilingual, $currentlang, $language, $usercookiet; 783: if...