cpe:/a:yerba:yerba:6.3 cpe:/a:yerba:yerba:6.28 CVE-2008-4486 2008-10-07T22:00:01.503-04:00 2017-09-28T21:32:11.087-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-10-08T12:29:00.000-04:00 ALLOWS_ADMIN_ACCESS BUGTRAQ 20081006 Yerba SACphp <= 6.3 / Local File Inclusion Exploit BID 31606 SECUNIA 32093 SREASON 4368 EXPLOIT-DB 6687 VUPEN ADV-2008-2754 XF yerbasacphp-mod-file-include(45708) Directory traversal vulnerability in index.php in SAC.php (SACphp), as used in Yerba 6.3 and earlier, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod parameter.