CVE-2006-2156
CVE-2006-2156: Directory traversal in X7 Chat (2.0 and earlier) allows remote inclusion of arbitrary files via .. sequences in the help_file parameter of help/index.php (unsanitized input used in include). Related entry CVE-2008-4718 describes a different vector in help/mini.php for 2.0.1 A1 and ...