Directory traversal vulnerability in PHPix Photo Album 1.0.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack.
https://exchange.xforce.ibmcloud.com/vulnerabilities/5331
http://archives.neohapsis.com/archives/bugtraq/2000-10/0117.html