Directory traversal vulnerability in glossary.php in PROPS 0.6.1 allows remote attackers to view arbitrary files via a .. (dot dot) in (1) module or (2) format variables.
https://exchange.xforce.ibmcloud.com/vulnerabilities/16036
http://sourceforge.net/project/shownotes.php?group_id=29581&release_id=234433