cpe:/a:zirkon_box:yappa-ng:2.3.2 CVE-2008-4626 2008-10-20T21:18:02.117-04:00 2017-09-28T21:32:15.960-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-10-21T13:00:00.000-04:00 ALLOWS_OTHER_ACCESS BID 31828 SECUNIA 32325 SREASON 4444 OSVDB 49171 EXPLOIT-DB 6788 XF yappang-index-file-include(45965) Directory traversal vulnerability in index.php in Fritz Berger yet another php photo album - next generation (yappa-ng) 2.3.2 and possibly other versions through 2.3.3-beta0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the album parameter.