Directory traversal vulnerability in Hassan Consulting shop.cgi shopping cart program allows remote attackers to read arbitrary files via a .. (dot dot) attack on the page parameter.
https://exchange.xforce.ibmcloud.com/vulnerabilities/5342
http://archives.neohapsis.com/archives/bugtraq/2000-10/0115.html