Directory traversal vulnerability in scan_lang_insert.php in Boris Herbiniere-Seve SPiD 1.3.1 allows remote malicious users to read arbitrary files via the lang parameter.
source: wwwsecurityfocuscom/bid/16822/info
SPiD is prone to a local file-include vulnerability This issue is due to a failure in the application to properly sanitize user-supplied input
Successful exploitation of this issue may facilitate the unauthorized viewing of files and execution of local scripts
wwwexamplecom/spiddir/ ...