cpe:/a:poweraward:poweraward:1.1.0:rc1 CVE-2008-5204 2008-11-21T12:30:00.703-05:00 2017-09-28T21:32:31.010-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-11-24T15:02:00.000-05:00 BID 29993 EXPLOIT-DB 5962 XF poweraward-lang-file-include(43463) Multiple directory traversal vulnerabilities in PowerAward 1.1.0 RC1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the lang parameter to (1) agb.php, (2) angemeldet.php, (3) anmelden.php, (4) charts.php, (5) external_vote.php, (6) guestbook.php, (7) impressum.php, (8) index.php, (9) rss-reader.php, (10) statistic.php, (11) teilnehmer.php, (12) topsites.php, (13) votecode.php, (14) voting.php, and (15) winner.php.