CVE-2000-0872
explorer.php in PhotoAlbum 0.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) attack.
Date published : 2000-10-18
http://www.securityfocus.com/bid/1650
http://archives.neohapsis.com/archives/bugtraq/2000-09/0015.html