Directory traversal vulnerability in ADMIN/login.php in NetArtMEDIA WebSiteAdmin allows remote emote attackers to include and execute arbitrary local files via directory traversal sequences in the lng parameter.
http://pridels-team.blogspot.com/2010/09/netartmedia-real-estate-portal-v20-xss.html