CVE-2005-1298

The inserter.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument.