CVE-2012-2227
Directory traversal vulnerability in update/index.php in PluXml before 5.1.6 allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the default_lang parameter.
Date published : 2012-08-26
http://www.securityfocus.com/bid/53348
http://archives.neohapsis.com/archives/bugtraq/2012-05/0011.html