Directory traversal vulnerability in passwiki.php in PassWiki 0.9.16 RC3 and earlier allows remote attackers to read arbitrary local files via a .. (dot dot) in the site_id parameter.
https://www.exploit-db.com/exploits/5704
https://exchange.xforce.ibmcloud.com/vulnerabilities/42768
http://www.securityfocus.com/bid/29455