https://www.exploit-db.com/exploits/22941

漏洞细节尚未披露

source: http://www.securityfocus.com/bid/8236/info

It has been reported that attackers may be able to modify the 'location' variable passed to the index.php file to cause the Web server to return arbitrary files. This script is prone to a directory traversal vulnerability, allowing attackers to retrieve any file residing on the filesystem readable by the Web server user.

http://www.example.com/atomicboard/index.php?location=../../../../../../etc/passwd

http://www.example.com/AtomicBoard-0.6.2/index.php?location=anything