A path traversal vulnerability has been identified in the Glype web-based proxy that allows an attacker to run arbitrary PHP code on the server or to remove critical files from the filesystem. Version 1.4.9 is affected.
90908a193872545e7e1dc5fd354b168c8969c94042ebe864eaa3c75d1060efe3