Multiple directory traversal vulnerabilities in mod/chat/index.php in WebED 0.0.9 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) Root and (2) Path parameters.

More... (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6213)