picture.php in WebSPELL 4.01.02 and previous versions allows remote malicious users to read arbitrary files via the file parameter.
webspell webspell