Directory traversal vulnerability in mod.php in phpCOIN 1.2.1 allows remote malicious users to read arbitrary files via a .. (dot dot) in the mod parameter.
phpcoin phpcoin 1.2.1