2005-03-04 05:00:00
mitre
PUBLISHED
sendpm.php in PBLang 4.63 allows remote authenticated users to read arbitrary files via a full pathname in the orig parameter.