** DISPUTED **
Directory traversal vulnerability in data/inc/theme.php in Pluck 4.3,
when register_globals is enabled, allows remote attackers to read
arbitrary local files via a .. (dot dot) in the file parameter. NOTE:
CVE and a reliable third party dispute this vulnerability because the
code uses a a fixed argument when invoking fputs, which cannot be used
to read files.
Note:References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20070802 Pluck 4.3 themes.php Remote File Inclusion and disclosure
Disclaimer: The entry creation date may reflect when
the CVE-ID was allocated or reserved, and does not
necessarily indicate when this vulnerability was
discovered, shared with the affected vendor, publicly
disclosed, or updated in CVE.
This is an entry on the CVE
list, which standardizes names for security