Directory traversal vulnerability in PG Problem Editor module (PGProblemEditor.pm) in WeBWorK Online Homework Delivery System 2.2.0 and earlier allows remote attackers to read and write files outside of the templates directory.
https://exchange.xforce.ibmcloud.com/vulnerabilities/26975
http://www.vupen.com/english/advisories/2006/2086
http://sourceforge.net/project/shownotes.php?release_id=421453
http://sourceforge.net/mailarchive/forum.php?thread_id=10201693&forum_id=43257
http://secunia.com/advisories/20405
http://devel.webwork.rochester.edu/twiki/bin/view/Webwork/WeBWorKRelease2pt2pt1