Multiple directory traversal vulnerabilities in GuppY 4.5.9 and earlier allow remote attackers to read and include arbitrary files via (1) the meskin parameter to admin/editorTypetool.php, or the lng parameter to the in admin/inc scripts (2) archbatch.php, (3) dbbatch.php, and (4) nwlmail.php.
rgod.altervista.org/guppy459_xpl.html
secunia.com/advisories/17790
securityreason.com/securityalert/212
securitytracker.com/id?1015279
www.securityfocus.com/archive/1/417899/100/0/threaded
www.securityfocus.com/bid/15610
www.vupen.com/english/advisories/2005/2635
exchange.xforce.ibmcloud.com/vulnerabilities/23319