Directory traversal vulnerability in WebSPIRS 3.1 allows remote malicious users to read arbitrary files via a .. (dot dot) attack on the sp.nextform parameter.
source: wwwsecurityfocuscom/bid/2362/info
A remote user could gain read access to known files outside of the root directory where SilverPlatter WebSPIRS resides Requesting a specially crafted URL composed of '/' sequences along with the known filename will disclose the requested file
wwwtargetcom/cgi-bin/webspirscgi?spnextform= ...