form.php in GenesisTrader 1.0 allows remote attackers to read source code for arbitrary files and obtain sensitive information via the (1) do and (2) chem parameters with a "modfich" floap parameter.Referenceshttp://www.securityfocus.com/bid/21595http://www.securityfocus.com/archive/1/454385/100/0/threadedhttp://securityreason.com/securityalert/2035https://exchange.xforce.ibmcloud.com/vulnerabilities/30888
