form.php in GenesisTrader 1.0 allows remote attackers to read source code for arbitrary files and obtain sensitive information via the (1) do and (2) chem parameters with a "modfich" floap parameter.
https://exchange.xforce.ibmcloud.com/vulnerabilities/30888
http://www.securityfocus.com/bid/21595
http://www.securityfocus.com/archive/1/454385/100/0/threaded