CVE-2008-6884

Multiple directory traversal vulnerabilities in XOOPS 2.3.1, when registerglobals is enabled, allow remote attackers to include and execute arbitrary local files via a .. dot dot in the xoopsConfiglanguage parameter to 1 blocks.php and 2 main.php in xoopslib/modules/protector/...