Directory traversal vulnerability in quiz.cgi for Mike Spice Quiz Me! before 0.6 allows remote attackers to write arbitrary files via .. (dot dot) sequences in the quiz parameter.
https://exchange.xforce.ibmcloud.com/vulnerabilities/7970
http://www.securityfocus.com/bid/3857