CVE-2010-2456 – Linker IMG 1.0 - Remote File Inclusion

https://notcve.org/view.php?id=CVE-2010-2456

25 Jun 2010 — Multiple directory traversal vulnerabilities in index.php in Linker IMG 1.0 and earlier allow remote attackers to read and execute arbitrary local files via a URL in the (1) cook_lan cookie parameter ($lan_dir variable) or possibly (2) Sdb_type parameter. NOTE: this was originally reported as remote file inclusion, but this may be inaccurate. Múltiples ulnerabilidades de salto de directorio en index.php en Linker IMG v1.0 y anteriores permite a atacantes remotos leer y ejecutar ficheros locales de su elecci... • https://www.exploit-db.com/exploits/13964 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •