CVE-2009-2109

Publication date

2009-06-18 21:00:00

Family

mitre

State

PUBLISHED

Description

Multiple directory traversal vulnerabilities in FretsWeb 1.2 allow remote attackers to read arbitrary files via directory traversal sequences in the (1) language parameter to charts.php and the (2) fretsweb_language cookie parameter to unspecified vectors, possibly related to admin/common.php.