Public CVE-2006-6937 disclosure

Directory traversal vulnerability in includes/common.php in NitroTech 0.0.3a, as distributed before 2006, allows remote attackers to include arbitrary files via ".." sequences in the root parameter.