Directory traversal vulnerability in region.php in KML share 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the layer parameter.

More... (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6212)