admin_loader.php in PunBB 1.2.1 allows remote malicious users to read arbitrary files via the plugin parameter.
Affected (vendor, product, version): punbb punbb 1.2.1