Poll It 2.0 CGI script allows remote attackers to read arbitrary files by specifying the file name in the data_dir parameter.
https://exchange.xforce.ibmcloud.com/vulnerabilities/4878
http://www.securityfocus.com/bid/1431
http://archives.neohapsis.com/archives/bugtraq/2000-07/0076.html