Way-board CGI program allows remote malicious users to read arbitrary files by specifying the filename in the db parameter and terminating the filename with a null byte.
source: wwwsecurityfocuscom/bid/2370/info
A remote user could gain read access to known files outside of the root directory where Way-Board resides Requesting a specially crafted URL composed of '%00' sequences along with the known filename will disclose the requested file
target/way-board/way-boardcgi?db=url_to_any_file%00
...