FlatnuX CMS contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the controlcenter.php script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the 'dir' parameter of the contents/Files action. This directory traversal attack would allow the attacker to gain access to arbitrary files.
Remote / Network Access
Loss of Confidentiality
OSVDB is not aware of a solution for this vulnerability.