Multiple directory traversal vulnerabilities in CMScout 2.06, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the bit parameter to (1) admin.php and (2) index.php, different vectors than CVE-2008-3415.
https://www.exploit-db.com/exploits/7625
https://exchange.xforce.ibmcloud.com/vulnerabilities/47660
http://www.cmscout.co.za/index.php?page=news&id=30