cpe:/a:phpkobo:address_book_script:1.09 CVE-2010-1058 2010-03-23T13:30:00.753-04:00 2017-08-16T21:32:13.600-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2010-03-24T09:24:00.000-04:00 EXPLOIT-DB 11754 BID 38731 SECUNIA 38938 OSVDB 63003 XF addressbook-langcode-file-include(56910) MISC http://packetstormsecurity.org/1003-exploits/addressbookscript-lfi.txt Directory traversal vulnerability in codelib/cfg/common.inc.php in Phpkobo Address Book Script 1.09, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the LANG_CODE parameter.