Directory traversal vulnerability in search.php in Pivot 1.40.5 allows remote malicious users to read arbitrary files via a .. (dot dot) in the t parameter.
pivot pivot 1.40.5