Security Advisory
CVE-2009-2224
CVE vulnerability detail — eXtreme Datacenter Security Operations
Description
Directory traversal vulnerability in ang/shared/flags.php in AN Guestbook 0.7.8, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the g_lang parameter.