Directory traversal

Directory traversal vulnerability in .include/init.php aka admin/include/init.php in QuiXplorer 2.3.2 and earlier, as used in TinyWebGallery TWG 1.7.6 and earlier, allows remote attackers to include and execute arbitrary local files via a .. dot dot in the lang parameter to admin/index.php...