cpe:/a:phpay:phpay:2.02.01 CVE-2007-6471 2007-12-19T19:46:00.000-05:00 2017-08-07T21:29:10.383-04:00 5.8 NETWORK MEDIUM NONE PARTIAL PARTIAL NONE http://nvd.nist.gov 2007-12-20T13:47:00.000-05:00 BUGTRAQ 20071214 Phpay - Local File Inclusion BID 26881 SECUNIA 28111 SREASON 3466 VUPEN ADV-2007-4231 XF phpay-main-file-include(39063) Incomplete blacklist vulnerability in main.php in phPay 2.02.01 on Windows allows remote attackers to conduct directory traversal attacks and include and execute arbitrary local files via a ..\ (dot dot backslash) in the config parameter.