Directory traversal vulnerability in help.cgi in Ikonboard 2.1.7b and earlier allows a remote attacker to read arbitrary files via a .. (dot dot) attack in the helpon parameter.
https://exchange.xforce.ibmcloud.com/vulnerabilities/6216
http://archives.neohapsis.com/archives/bugtraq/2001-03/0124.html