picture.php in WebSPELL 4.01.02 and earlier allows remote attackers to read arbitrary files via the file parameter. Date published : 2007-04-30 https://www.expl