2 matches found
Directory traversal
Multiple directory traversal vulnerabilities in e-Vision CMS 2.02 and earlier allow remote attackers to (1) include and execute arbitrary local files via a .. (dot dot) in the adminlang cookie to admin/functions.php or (2) read arbitrary local files via the img parameter to admin/showimg.php...
e-Vision CMS 2.02 - SQL Injection Remote Code Execution
#!/usr/bin/php -q -d short_open_tag=on ...need i say more? Bug 2 admin/functions.php: if (isset($_COOKIE['adminlang'])) $languageselector = $_COOKIE['adminlang']; else $languageselector = "en"; include("lang/".$languageselector.".php"); ...speaks for it se...