CVE-2007-2368
WebSPELL 4.01.02 (and earlier) is affected in picture.php where the file parameter can be abused to read arbitrary files. Root cause: improper handling of the file parameter allows remote attackers to access files, with no authentication and network-based access. The issue has a NVD CVSS v2 base ...