Absolute path traversal vulnerability in admin/viewmsg.php in PineApp Mail-SeCure allows remote attackers to read arbitrary files via a full pathname in the msg parameter.Referenceshttp://archives.neohapsis.com/archives/fulldisclosure/2013-11/0133.html
