Multiple directory traversal vulnerabilities in index.php in Travelsized CMS 0.4.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) page_id and (2) language parameters.

More... (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1324)