Multiple directory traversal vulnerabilities in Simple PHP Newsletter 1.5 allow remote attackers to read arbitrary files via a .. (dot dot) in the olang paramet