front-end/edit.php in mini-pub 0.3 and earlier allows remote attackers to read files and obtain PHP source code via a filename in the sFileName parameter.Referenceshttps://www.exploit-db.com/exploits/6734https://exchange.xforce.ibmcloud.com/vulnerabilities/45831http://www.securityfocus.com/bid/31733
