Directory traversal

Directory traversal vulnerability in makepost.php in DaZPHPNews 0.1-1, when registerglobals is enabled and magicquotesgpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. dot dot in the prefixdir parameter...