CVE-2009-0340 – Simple PHP NewsLetter 1.5 - Local File Inclusion

https://notcve.org/view.php?id=CVE-2009-0340

Multiple directory traversal vulnerabilities in Simple PHP Newsletter 1.5 allow remote attackers to read arbitrary files via a .. (dot dot) in the olang parameter to (1) mail.php and (2) mailbar.php. Multiples vulnerabilidades de salto de directorio en Simple PHP Newsletter v1.5 que permitiria a atacantes remotos leer ficheros a traves de ..(punto punto) en el parametro "olang" en (1)mail.php y (2) mailbar.php. • https://www.exploit-db.com/exploits/7813 http://www.securityfocus.com/bid/33327 https://exchange.xforce.ibmcloud.com/vulnerabilities/48089 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •