cpe:/a:bigace:bigace_cms:2.6 CVE-2009-2379 2009-07-08T11:30:01.657-04:00 2017-09-18T21:29:04.407-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-07-08T14:46:00.000-04:00 SECTRACK 1022489 BID 35537 SECUNIA 35643 OSVDB 55510 EXPLOIT-DB 9052 XF bigace-index-file-include(51444) CONFIRM http://forum.bigace.de/announcements/security-patch-for-bigace-2-6 CONFIRM http://www.bigace.de/Security-patch-for-BIGACE-2.6-released.html Directory traversal vulnerability in public/index.php in BIGACE Web CMS 2.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cmd parameter.