Directory traversal vulnerability in fileview.php in Imageview 5.3 allows remote malicious users to read arbitrary files via a .. (dot dot) in the album parameter.
blackdot imageview 5.3