Directory traversal vulnerability in the WML engine preprocessor for Wesnoth before 1.2.8 allows remote attackers to read arbitrary files via ".." sequences in unknown vectors.

More... (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5742)