Directory traversal vulnerability in InteractivePHP FusionBB .11 Beta and earlier allows remote attackers to include arbitrary local files via ".." sequences in the language parameter.
http://www.interactivephp.com/misc/CHANGELOG.html
http://www.gulftech.org/?node=research&article_id=00081-06132005