Directory traversal vulnerability in sendphoto.php in WihPhoto 0.86 allows remote attackers to read arbitrary files via .. specifiers in the album parameter, and the target filename in the pic parameter.Referenceshttp://archives.neohapsis.com/archives/vulnwatch/2003-q1/0092.htmlhttp://www.iss.net/security_center/static/11429.phphttp://www.securityfocus.com/bid/6929http://www.securityfocus.com/archive/1/312966
