### [CVE-2012-5242](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5242) ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) ### Description Directory traversal vulnerability in functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter in a get_template action. ### POC #### Reference - http://www.exploit-db.com/exploits/23573 #### Github No PoCs found on GitHub currently.