CVE-2009-1407
NotFTP 1.3.1 is affected by a directory traversal/Local File Inclusion in config.php. The script fails to properly filter user input in languages[][file] (and related language loading logic), allowing remote attackers to read arbitrary local files via crafted URLs (e.g., .. paths). The vulnerabil...