Directory traversal vulnerability in include_lang.php in Phaos 0.9.2 allows remote attackers to include arbitrary local files via ".." sequences in the lang parameter.Referenceshttps://www.exploit-db.com/exploits/2253http://www.securityfocus.com/bid/19710https://exchange.xforce.ibmcloud.com/vulnerabilities/28565
