An arbitrary file read vulnerability in ureport v2.2.9 allows a remote malicious user to arbitrarily read files on the server by inserting a crafted path.
ureport project ureport 2.2.9