Directory traversal vulnerability in WebAsyst Shop-Script FREE has unknown impact and attack vectors via the sub parameter.
http://www.vupen.com/english/research-web.php
http://www.vupen.com/english/advisories/2010/0882
http://www.securityfocus.com/archive/1/510741/100/0/threaded