Directory traversal vulnerability in A.l-Pifou 1.8p2 allows remote
attackers to read arbitrary files via ".." sequences in the
ze_langue_02 cookie, as demonstrated by using the choix_lng parameter
to choix_langue.php to indirectly set the cookie, then accessing
livre_dor.php to trigger the inclusion from inc/change_lang_ck.php,
possibly related to livre_livre.php. NOTE: the livre_livre.php
relationship has been reported by some third party sources.
Note:References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
FULLDISC:20060920 A.I-Pifou (Cookie) Local File Inclusion
Disclaimer: The entry creation date may reflect when
the CVE-ID was allocated or reserved, and does not
necessarily indicate when this vulnerability was
discovered, shared with the affected vendor, publicly
disclosed, or updated in CVE.
This is an entry on the CVE
list, which standardizes names for security