CVE-2006-5510 - Sludgy Crack

Description

Directory traversal vulnerability in explorer_load_lang.php in PH Pexplorer 0.24 allows remote attackers to include arbitrary local files via ..\ sequences in the Language cookie as demonstrated by uploading a .gif file that contains PHP code.

Reference

http://www.rahim.webd.pl/exploity/Exploits/104.txt http://www.securityfocus.com/bid/20665 http://secunia.com/advisories/22504 http://www.osvdb.org/29899 http://www.vupen.com/english/advisories/2006/4128 https://exchange.xforce.ibmcloud.com/vulnerabilities/29714 https://www.exploit-db.com/exploits/2598