2. $lang = htmlspecialchars($_GET['lang']); // ok, but....
for what ? lol
7. if(file_exists('templates/'.$lang.'_middle.php')) // We'll have
to cut off rest of filename & extension
8. include('templates/'.$lang.'_middle.php'); // Ekhm... pwned
;d
If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com.
Maksymilian Arciemowicz discovered a Integer Overflow
vulnerability in the libc library "strfmon()" function.A vulnerability could allow an attacker who successfully exploits this vulnerability to take control of the affected *BSD systems.