Multiple directory traversal vulnerabilities in play.php in Web-MeetMe 3.0.3 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) roomNo and possibly the (2) bookid parameter.

More... (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6215)