cpe:/a:sir:gnuboard:4.31.03 CVE-2009-0290 2009-01-27T14:30:02.313-05:00 2017-09-28T21:33:43.700-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-01-27T15:14:00.000-05:00 ALLOWS_OTHER_ACCESS BID 33304 SECUNIA 33564 EXPLOIT-DB 7792 XF gnuboard-common-file-include(48015) Directory traversal vulnerability in common.php in SIR GNUBoard 4.31.03 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the g4_path parameter. NOTE: in some environments, this can be leveraged for remote code execution via a data: URI or a UNC share pathname.