Directory traversal vulnerability in download.html in ARWScripts Gallery Script Lite (aka gallery-script-lite or Free Photo Gallery Site Script), as of 20080411, allows remote attackers to read arbitrary local files via directory traversal sequences in the path parameter.
https://www.exploit-db.com/exploits/5419
https://exchange.xforce.ibmcloud.com/vulnerabilities/41742