Directory traversal vulnerability in ADMIN/login.php in NetArtMEDIA WebSiteAdmin allows remote emote attackers to include and execute arbitrary local files via directory traversal sequences in the lng parameter.