Directory traversal vulnerability in Kasseler CMS 1.3.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to index.php, possibly related to the phpManual module.

More... (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3087)