Directory traversal vulnerability in sendcard.php in Sendcard 3.4.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sc_language parameter.
Related posts