Directory traversal vulnerability in download.php in EZWebAlbum allows remote malicious users to read arbitrary files via the dlfilename parameter.
ezwebalbum ezwebalbum 1.0